Privateloaderbghbjfhbab4_browsingExe[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Privateloaderbghbjfhbab4_browsingExe.exe
Size

2.0MB
MD5

6b4b30db49b0dbdf32925501b8cc4531
SHA1

4a532c06a55f36575a6ce747be3a27eed4b8417a
SHA256

c633d7549fb4a77e02fa1e48f8fb3e3b41d8a998778d2e2c024949673dad0ba5
SHA512

702290bb1ca5f8f1436e8eaef6dbca68b45afc59bb19df927c9f4eb896cc16a45f918f65b68099de5d840cbf2e39e9ec779ac7f6343348c26aad1fcbadc48f2d
SSDEEP

49152:r/4fNavQk+IIbOTSbXJRQ1a/G5VnoTwgjTqCCgXuh/JdW:r/40ebOTSjJRjGLnAKCWE

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

Privateloaderbghbjfhbab4_browsingExe.exe
.exe windows x64

Code Sign

30:53:fb:c3:22:9a:9e:ad:47:c1:25:8a:04:a0:09:c8
Certificate

Issuer

CN=Toshiba MQ01ABMxx 2.5 MQ01ABD060

Not Before

07/10/2022, 20:43

Not After

08/10/2032, 20:43

Subject

CN=Toshiba MQ01ABMxx 2.5 MQ01ABD060

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5f:df:96:1f:ee:7e:bd:3d:d1:dd:8e:be:6f:2b:13:31:fd:2f:ac:e8:cd:8c:80:1a:e4:61:9f:7b:98:a6:58:76
Signer

Actual PE Digest

5f:df:96:1f:ee:7e:bd:3d:d1:dd:8e:be:6f:2b:13:31:fd:2f:ac:e8:cd:8c:80:1a:e4:61:9f:7b:98:a6:58:76

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 319KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

30:53:fb:c3:22:9a:9e:ad:47:c1:25:8a:04:a0:09:c8Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

5f:df:96:1f:ee:7e:bd:3d:d1:dd:8e:be:6f:2b:13:31:fd:2f:ac:e8:cd:8c:80:1a:e4:61:9f:7b:98:a6:58:76Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 319KB - Virtual size: 464KB

.rsrc Size: 35KB - Virtual size: 34KB

.idata Size: 512B - Virtual size: 8KB

.themida Size: - Virtual size: 4.1MB

.boot Size: 1.6MB - Virtual size: 1.6MB

30:53:fb:c3:22:9a:9e:ad:47:c1:25:8a:04:a0:09:c8
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

5f:df:96:1f:ee:7e:bd:3d:d1:dd:8e:be:6f:2b:13:31:fd:2f:ac:e8:cd:8c:80:1a:e4:61:9f:7b:98:a6:58:76
Signer

.rsrc
Size: 35KB - Virtual size: 34KB

.idata
Size: 512B - Virtual size: 8KB

.themida
Size: - Virtual size: 4.1MB

.boot
Size: 1.6MB - Virtual size: 1.6MB