install[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

install.exe
Size

4.4MB
MD5

cd01d6fb124c8ec88ebaa45c60667dbf
SHA1

733dbf621eb841b4dbe3da762e5d7f873e821f50
SHA256

8bdafa65907b95c398aa10b478ccf39e19135775dad418c4d8fa6f697fc52e22
SHA512

ceb55dcb6a724e88873e69b35cf0f727249ee9170b4cb9032806aa508da110ab1f5003ffcb391696b5bd068f19c938840ffe2c4a9d74482a9a6f21714e4914c7
SSDEEP

98304:DDTy892UpFRDUJybQzcFQ4+pV87Ey6YEnM0lyAO6:D3yupFRD5QIFQ4a1nMa

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

install.exe
.exe windows:6 windows x64

Code Sign

22:74:fb:6e:72:31:d8:d8:49:11:d0:5f:79:0a:0e:3e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,OU=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

31/10/2023, 04:50

Not After

31/10/2024, 04:50

Subject

CN=Microsoft Code Signing PCA 2011,OU=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

26:50:47:3d:e6:e1:f0:a2:c5:3e:df:2d:49:cb:6b:12:57:86:55:10:fc:a7:49:33:04:05:60:32:7a:40:f7:23
Signer

Actual PE Digest

26:50:47:3d:e6:e1:f0:a2:c5:3e:df:2d:49:cb:6b:12:57:86:55:10:fc:a7:49:33:04:05:60:32:7a:40:f7:23

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

DotNetRuntimeDebugHeader

Sections

Size: 197KB - Virtual size: 451KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 314KB - Virtual size: 711KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 547KB - Virtual size: 850KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 33KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 41KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 190B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 481B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 10KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.exports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

22:74:fb:6e:72:31:d8:d8:49:11:d0:5f:79:0a:0e:3eCertificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

26:50:47:3d:e6:e1:f0:a2:c5:3e:df:2d:49:cb:6b:12:57:86:55:10:fc:a7:49:33:04:05:60:32:7a:40:f7:23Signer

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 197KB - Virtual size: 451KB

Size: 314KB - Virtual size: 711KB

Size: 547KB - Virtual size: 850KB

Size: 33KB - Virtual size: 171KB

Size: 41KB - Virtual size: 71KB

Size: 190B - Virtual size: 348B

Size: 481B - Virtual size: 924B

Size: 10KB - Virtual size: 37KB

.exports Size: 512B - Virtual size: 4KB

.imports Size: 1024B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 4KB

.themida Size: - Virtual size: 5.9MB

.boot Size: 3.3MB - Virtual size: 3.3MB

.reloc Size: 16B - Virtual size: 4KB

22:74:fb:6e:72:31:d8:d8:49:11:d0:5f:79:0a:0e:3e
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

26:50:47:3d:e6:e1:f0:a2:c5:3e:df:2d:49:cb:6b:12:57:86:55:10:fc:a7:49:33:04:05:60:32:7a:40:f7:23
Signer

.exports
Size: 512B - Virtual size: 4KB

.imports
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB

.themida
Size: - Virtual size: 5.9MB

.boot
Size: 3.3MB - Virtual size: 3.3MB

.reloc
Size: 16B - Virtual size: 4KB