Heavan[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Heavan.exe
Size

2.2MB
MD5

a727792f940e4e4d09530b4d59309b45
SHA1

ccc7c13bacc1f4d84bb7721abd17de1ff9993dcb
SHA256

2e0294a4bc72959fcec69fae965a6b314964d284d4b68161e3f935460a6db7e4
SHA512

94dcbfed2960ae43f2d17520d6541fcefb93e35ab824ba5221fdae648d0a72aabf0fb29aff289f21971f6327def5eca01deb4506ea631c647ad832e2d9b06e01
SSDEEP

49152:gKicQ6E55HbpqoLumD2BGhhAE45gmzIMU/H:gJck55HbVuA2jE0g9/

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

Heavan.exe
.exe windows x86

Code Sign

49:9d:13:d0:42:71:07:93:43:a3:f3:cc:d3:67:89:ae
Certificate

Issuer

CN=MSI Pulse GL74 12UEK-088XRU Intel Core i5 12500H/ 3.3 GHz - 4.5 GHz/ 16384 Mb/ 17.3 Full HD 1920x1080/ 512 Gb SSD/ DVD nVidia GeForce RTX 3070 6144 DYS (9N7-17L314-088)

Not Before

20/04/2023, 11:38

Not After

21/04/2033, 11:38

Subject

CN=MSI Pulse GL74 12UEK-088XRU Intel Core i5 12500H/ 3.3 GHz - 4.5 GHz/ 16384 Mb/ 17.3 Full HD 1920x1080/ 512 Gb SSD/ DVD nVidia GeForce RTX 3070 6144 DYS (9N7-17L314-088)

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:6b:cd:8a:f9:d2:95:85:2b:e9:cd:52:46:bd:7b:1e:b3:05:2b:4f:5c:06:9c:1f:1f:95:0b:5c:9d:69:12:bd
Signer

Actual PE Digest

10:6b:cd:8a:f9:d2:95:85:2b:e9:cd:52:46:bd:7b:1e:b3:05:2b:4f:5c:06:9c:1f:1f:95:0b:5c:9d:69:12:bd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 57KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 198KB - Virtual size: 347KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

49:9d:13:d0:42:71:07:93:43:a3:f3:cc:d3:67:89:aeCertificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

10:6b:cd:8a:f9:d2:95:85:2b:e9:cd:52:46:bd:7b:1e:b3:05:2b:4f:5c:06:9c:1f:1f:95:0b:5c:9d:69:12:bdSigner

Headers

DLL Characteristics

File Characteristics

Sections

Size: 57KB - Virtual size: 128KB

Size: 198KB - Virtual size: 347KB

Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

.rsrc Size: 5KB - Virtual size: 8KB

.themida Size: - Virtual size: 3.3MB

.boot Size: 1.9MB - Virtual size: 1.9MB

49:9d:13:d0:42:71:07:93:43:a3:f3:cc:d3:67:89:ae
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

10:6b:cd:8a:f9:d2:95:85:2b:e9:cd:52:46:bd:7b:1e:b3:05:2b:4f:5c:06:9c:1f:1f:95:0b:5c:9d:69:12:bd
Signer

.idata
Size: 512B - Virtual size: 8KB

.rsrc
Size: 5KB - Virtual size: 8KB

.themida
Size: - Virtual size: 3.3MB

.boot
Size: 1.9MB - Virtual size: 1.9MB