6b13a8ae290d32b179b33c288942d102[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

6b13a8ae290d32b179b33c288942d102.bin
Size

3.1MB
MD5

77fce9be6cb9e60dbcc7e66a66dbc2fc
SHA1

079db115d9eb76209a06b9f94725e4a34ec20784
SHA256

1f22f9a59ee055ac58c7fb2d7416fda64824df33fc4a9aa0b366e11fab1573ed
SHA512

8ed1e73dc42ed2cbf69d675800acf54702cee3dcbe47b25225842df85104833fa4e19eeeb1a667cebde69c203cddf06c1b4ebb0a6759f2878003bd8e00171a2c
SSDEEP

98304:gU8MEWD+hg8K7NsepnFIj8fEUM0aVicIHeMs3n:WMES+hbK7NfFy7j8s3

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/bc842797c37278951f77869edbdb0d8f5f05c0eedff245e8c45e2a3f46ea0e0c.exe	themida

Files

6b13a8ae290d32b179b33c288942d102.bin
.zip

Password: infected
bc842797c37278951f77869edbdb0d8f5f05c0eedff245e8c45e2a3f46ea0e0c.exe
.exe windows:4 windows x86 arch:x86

Password: infected

Code Sign

63:24:4d:30:d2:a1:4a:b4:4a:ad:bd:9a:36:e4:da:5a
Certificate

Issuer

CN=HDD Toshiba SATA-III 10Tb HDWG460EZSTA N300 (7200rpm) 4096Mb 2.5 Rtl

Not Before

10/12/2022, 12:00

Not After

11/12/2032, 12:00

Subject

CN=HDD Toshiba SATA-III 10Tb HDWG460EZSTA N300 (7200rpm) 4096Mb 2.5 Rtl

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c8:21:56:26:aa:2f:8f:1e:46:37:79:06:c3:2b:cd:87:d7:aa:54:1a:71:9d:34:cf:b4:3f:5d:8b:67:80:24:9e
Signer

Actual PE Digest

c8:21:56:26:aa:2f:8f:1e:46:37:79:06:c3:2b:cd:87:d7:aa:54:1a:71:9d:34:cf:b4:3f:5d:8b:67:80:24:9e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 69KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Code Sign

63:24:4d:30:d2:a1:4a:b4:4a:ad:bd:9a:36:e4:da:5aCertificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

c8:21:56:26:aa:2f:8f:1e:46:37:79:06:c3:2b:cd:87:d7:aa:54:1a:71:9d:34:cf:b4:3f:5d:8b:67:80:24:9eSigner

Headers

DLL Characteristics

File Characteristics

Sections

Size: 69KB - Virtual size: 176KB

Size: 5KB - Virtual size: 16KB

Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 8KB

.themida Size: - Virtual size: 5.5MB

.boot Size: 3.0MB - Virtual size: 3.0MB

63:24:4d:30:d2:a1:4a:b4:4a:ad:bd:9a:36:e4:da:5a
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

c8:21:56:26:aa:2f:8f:1e:46:37:79:06:c3:2b:cd:87:d7:aa:54:1a:71:9d:34:cf:b4:3f:5d:8b:67:80:24:9e
Signer

.idata
Size: 512B - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 8KB

.themida
Size: - Virtual size: 5.5MB

.boot
Size: 3.0MB - Virtual size: 3.0MB