file[.]exe | Triage

Resubmissions

22/12/2023, 15:59

231222-te6zlaeff6 10

02/09/2022, 15:54

220902-tb7rqagdgp 10

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

3.9MB
MD5

63aebc18a567a7505904d389bdeacea7
SHA1

d638828171b31c8321ea3b0744914ea371915434
SHA256

d4cc1d0a9d877794c120852e9ceab34983fcf2c1e4d4f4a131826a4e8c47a348
SHA512

14e03c98b25d19f60547c263216b75a664cc29663b0093a5cf99b0741f71ac35678cd7d45a7c1a3fd1014a8ba961b4bdea265e3bc53cdc80a2556713b7139973
SSDEEP

49152:cE1F6eQ+y5kyPXKITf2476sJzZ0yT8W+J6YDUCOrFq6gtgIy6JVDBSmmTqG+1A:cVf24fF0yT87KJcmWrdoq2

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

file.exe
.exe windows:6 windows x86 arch:x86

Code Sign

5b:7d:41:7b:ac:e4:f2:90:46:b3:6b:96:ee:9e:7d:26
Certificate

Issuer

CN=jbl Słuchawki nauszne JBL LIVE 900 Biały

Not Before

31/08/2022, 14:24

Not After

01/09/2032, 14:24

Subject

CN=jbl Słuchawki nauszne JBL LIVE 900 Biały

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b0:ae:fc:71:97:81:5d:27:82:dc:2f:f9:b0:5f:af:26:9e:08:c9:ee:03:4c:ab:3a:65:cc:dd:9b:29:4e:3c:b4
Signer

Actual PE Digest

b0:ae:fc:71:97:81:5d:27:82:dc:2f:f9:b0:5f:af:26:9e:08:c9:ee:03:4c:ab:3a:65:cc:dd:9b:29:4e:3c:b4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 97KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 28KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Code Sign

5b:7d:41:7b:ac:e4:f2:90:46:b3:6b:96:ee:9e:7d:26Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

b0:ae:fc:71:97:81:5d:27:82:dc:2f:f9:b0:5f:af:26:9e:08:c9:ee:03:4c:ab:3a:65:cc:dd:9b:29:4e:3c:b4Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 97KB - Virtual size: 183KB

Size: 28KB - Virtual size: 59KB

Size: 1024B - Virtual size: 8KB

.rsrc Size: 1.6MB - Virtual size: 1.6MB

Size: 8KB - Virtual size: 9KB

.idata Size: 512B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 3.3MB

.boot Size: 2.2MB - Virtual size: 2.2MB

.reloc Size: 16B - Virtual size: 4KB

5b:7d:41:7b:ac:e4:f2:90:46:b3:6b:96:ee:9e:7d:26
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

b0:ae:fc:71:97:81:5d:27:82:dc:2f:f9:b0:5f:af:26:9e:08:c9:ee:03:4c:ab:3a:65:cc:dd:9b:29:4e:3c:b4
Signer

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.idata
Size: 512B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 3.3MB

.boot
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 16B - Virtual size: 4KB