两名中国人木姐国门抢劫只为回家[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

两名中国人木姐国门抢劫只为回家.exe
Size

4.1MB
MD5

4f7570fb7ecab25ec50b01c663d2da1d
SHA1

e94f4298d486b9945ca7c1be91c831ca7b40a9e1
SHA256

eb8e41c2f8ad665d1cdd6c9ae1d05db9f1853cd03e0ee6e33de1dbc83000b153
SHA512

24ec68fdbc8c3b7e363e71b481a8371c36f14c826efc6dc002881348e363076f48dd032ddf72d632ce02186f1582d38aed448e595e04a82d252bda4ec8efdff0
SSDEEP

98304:1j/GaSwqLYmGgdh7kac5cr4WjlxJw7jDp0m9xUxg+2CY:jQ8Yq+4EwLp9gX2CY

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

两名中国人木姐国门抢劫只为回家.exe
.exe windows:4 windows x86

Code Sign

33:00:00:04:70:9f:73:17:f5:9b:0e:64:66:00:00:00:00:04:70
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/01/2022, 19:32

Not After

26/01/2023, 19:32

Subject

CN=Microsoft Windows Kits Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:ac:9b:b9:a6:f1:4a:6d:48:e4:59:01:fd:c1:6f:21:57:6b:51:b2:88:5f:cf:83:09:c5:5d:c8:c5:37:fa:38
Signer

Actual PE Digest

37:ac:9b:b9:a6:f1:4a:6d:48:e4:59:01:fd:c1:6f:21:57:6b:51:b2:88:5f:cf:83:09:c5:5d:c8:c5:37:fa:38

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 437KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 37KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 266KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

33:00:00:04:70:9f:73:17:f5:9b:0e:64:66:00:00:00:00:04:70Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

37:ac:9b:b9:a6:f1:4a:6d:48:e4:59:01:fd:c1:6f:21:57:6b:51:b2:88:5f:cf:83:09:c5:5d:c8:c5:37:fa:38Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 437KB - Virtual size: 440KB

Size: 37KB - Virtual size: 265KB

Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

.rsrc Size: 266KB - Virtual size: 266KB

.themida Size: - Virtual size: 5.5MB

.boot Size: 3.3MB - Virtual size: 3.3MB

33:00:00:04:70:9f:73:17:f5:9b:0e:64:66:00:00:00:00:04:70
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

37:ac:9b:b9:a6:f1:4a:6d:48:e4:59:01:fd:c1:6f:21:57:6b:51:b2:88:5f:cf:83:09:c5:5d:c8:c5:37:fa:38
Signer

.idata
Size: 512B - Virtual size: 8KB

.rsrc
Size: 266KB - Virtual size: 266KB

.themida
Size: - Virtual size: 5.5MB

.boot
Size: 3.3MB - Virtual size: 3.3MB