Setup[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Setup.7z
Size

6.3MB
MD5

3e075526a55460b632d88344409c9d54
SHA1

7ed038a8fefc49fb3f61de1098489d4eb214f732
SHA256

dbf9c5dcd5eb6d11404f36e4734074f4eb3f3142a42e6eb9007806d1a7829015
SHA512

ab4be335b49658ef5cb8282abd4a8adf39535159f76bdc7de4c662d60b982d47f4c1c1d7a3afedaac0f6d2bf9f57a920cfc7d37b0ed72ca6ab2d72c9e255cfa2
SSDEEP

98304:0YO5/iyGcxOxzqNZOlw1ffGc9RZl9jPbh1bnUVghhXx2WOBmXE11speFy:0YORUcy8ZOcHl9jTPUkXx2WOBmXE1SZ

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/Setup.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CrystalDecisions.Shared.dll

Files

Setup.7z
.7z

Password: 1234
CrystalDecisions.Shared.dll
.dll windows:4 windows x86

Password: 1234

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 840KB - Virtual size: 838KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setup.exe
.exe windows:6 windows x64

Password: 1234

90cbc641339e24746f48696dcc40a747

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:02:2e:55:67:d2:57:70:10:64:4d:e5:2c:9a:36:56
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/05/2022, 00:00

Not After

22/05/2024, 23:59

Subject

SERIALNUMBER=C3105953,CN=FOXIT SOFTWARE INC.,O=FOXIT SOFTWARE INC.,L=Fremont,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:02:2e:55:67:d2:57:70:10:64:4d:e5:2c:9a:36:56
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/05/2022, 00:00

Not After

22/05/2024, 23:59

Subject

SERIALNUMBER=C3105953,CN=FOXIT SOFTWARE INC.,O=FOXIT SOFTWARE INC.,L=Fremont,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c0:26:4c:f0:28:44:bd:5d:24:1b:75:03:5c:5e:56:eb:3e:57:3c:7b:74:35:dc:16:6b:0f:74:96:1a:f4:5d:40
Signer

Actual PE Digest

c0:26:4c:f0:28:44:bd:5d:24:1b:75:03:5c:5e:56:eb:3e:57:3c:7b:74:35:dc:16:6b:0f:74:96:1a:f4:5d:40

Digest Algorithm

sha256

PE Digest Matches

false

a8:7d:5d:0c:94:d1:e6:5a:ea:7b:11:87:d5:04:65:fb:68:df:37:97
Signer

Actual PE Digest

a8:7d:5d:0c:94:d1:e6:5a:ea:7b:11:87:d5:04:65:fb:68:df:37:97

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleA
GetVersion
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharNextA
CharUpperBuffW

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance

Sections

Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

./../../
Size: - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

./../../
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

./../../
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

./../../
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_MEM_READ

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 1234

Password: 1234

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 840KB - Virtual size: 838KB

.rsrc Size: 4KB - Virtual size: 1016B

.reloc Size: 4KB - Virtual size: 12B

Password: 1234

90cbc641339e24746f48696dcc40a747

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29Certificate

Extended Key Usages

Key Usages

0b:02:2e:55:67:d2:57:70:10:64:4d:e5:2c:9a:36:56Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29Certificate

Extended Key Usages

Key Usages

0b:02:2e:55:67:d2:57:70:10:64:4d:e5:2c:9a:36:56Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

c0:26:4c:f0:28:44:bd:5d:24:1b:75:03:5c:5e:56:eb:3e:57:3c:7b:74:35:dc:16:6b:0f:74:96:1a:f4:5d:40Signer

a8:7d:5d:0c:94:d1:e6:5a:ea:7b:11:87:d5:04:65:fb:68:df:37:97Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

Size: - Virtual size: 3.1MB

Size: - Virtual size: 240KB

Size: - Virtual size: 73KB

Size: - Virtual size: 85KB

Size: - Virtual size: 252B

./../../ Size: - Virtual size: 143KB

Size: - Virtual size: 9KB

.idata Size: - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.themida Size: - Virtual size: 3.7MB

./../../ Size: - Virtual size: 2.6MB

./../../ Size: 2KB - Virtual size: 1KB

./../../ Size: 6.4MB - Virtual size: 6.4MB

.reloc Size: 512B - Virtual size: 148B

.rsrc Size: 60KB - Virtual size: 59KB

.text
Size: 840KB - Virtual size: 838KB

.rsrc
Size: 4KB - Virtual size: 1016B

.reloc
Size: 4KB - Virtual size: 12B

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

0b:02:2e:55:67:d2:57:70:10:64:4d:e5:2c:9a:36:56
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

0b:02:2e:55:67:d2:57:70:10:64:4d:e5:2c:9a:36:56
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

c0:26:4c:f0:28:44:bd:5d:24:1b:75:03:5c:5e:56:eb:3e:57:3c:7b:74:35:dc:16:6b:0f:74:96:1a:f4:5d:40
Signer

a8:7d:5d:0c:94:d1:e6:5a:ea:7b:11:87:d5:04:65:fb:68:df:37:97
Signer

./../../
Size: - Virtual size: 143KB

.idata
Size: - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 3.7MB

./../../
Size: - Virtual size: 2.6MB

./../../
Size: 2KB - Virtual size: 1KB

./../../
Size: 6.4MB - Virtual size: 6.4MB

.reloc
Size: 512B - Virtual size: 148B

.rsrc
Size: 60KB - Virtual size: 59KB