StormFN_Launcher[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

StormFN_Launcher.rar
Size

10.5MB
MD5

f8e739d5e182181671fa2eeb5207bcbb
SHA1

81ddf59626a952d6e040d5edd6af96c183605bce
SHA256

d3b68559bbc6b0362ece98c4338123b9a3b44747cfd4030bb5235dd2c673fe31
SHA512

0debbe8bc9963dae9c207fef34b5b372df9ab2527e68b9d01f300bdce2a8c619b4fc0ad12d7cf353596832abfbdd4efa5a5ecfe55c958141be32451c2b803045
SSDEEP

196608:pOECZ9hDgW5JviAWRaWqTnJvfRb+qDtveIDaOOw2507eyMdEK6iW6J:AFgykA1HfRb+qBveIHYelMac

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/StormFN Launcher/StormFN.exe	themida

Files

StormFN_Launcher.rar
.rar

Password: trtr
StormFN Launcher/StormFN.deps.json
StormFN Launcher/StormFN.dll
.exe windows:4 windows x86 arch:x86

Password: trtr

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

7c:af:69:0a:25:b7:39:fe:7b:9b:44:7a:c1:78:c5:ee
Certificate

Issuer

CN=Apple Root CA,OU=Apple Certification Authority,O=Apple Inc.,C=US

Not Before

19/02/2020, 18:13

Not After

20/02/2030, 00:00

Subject

CN=Apple Worldwide Developer Relations Certification Authority,OU=G3,O=Apple Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:c1:46:c4:65:35:5f:be:4c:b9:55:09:46:da:2d:cf
Certificate

Issuer

CN=Apple Worldwide Developer Relations Certification Authority,OU=G3,O=Apple Inc.,C=US

Not Before

16/07/2021, 05:42

Not After

15/07/2024, 05:42

Subject

CN=iPhone Distribution: China Mobile Group Jiangsu Company Limited,OU=852BN2UPEC,O=China Mobile Group Jiangsu Company Limited,C=US,0.9.2342.19200300.100.1.1=#130a383532424e3255504543

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

93:09:81:f0:cf:17:0e:d0:a4:12:e3:39:9a:49:54:a1:5b:55:7e:de:2a:47:ef:71:12:61:81:ef:d6:38:82:24
Signer

Actual PE Digest

93:09:81:f0:cf:17:0e:d0:a4:12:e3:39:9a:49:54:a1:5b:55:7e:de:2a:47:ef:71:12:61:81:ef:d6:38:82:24

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\roka\Downloads\StormFN\StormFN\StormFN\obj\Debug\net6.0-windows\StormFN.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 7.2MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
StormFN Launcher/StormFN.exe
.exe windows:6 windows x64 arch:x64

Password: trtr

Code Sign

7c:af:69:0a:25:b7:39:fe:7b:9b:44:7a:c1:78:c5:ee
Certificate

Issuer

CN=Apple Root CA,OU=Apple Certification Authority,O=Apple Inc.,C=US

Not Before

19/02/2020, 18:13

Not After

20/02/2030, 00:00

Subject

CN=Apple Worldwide Developer Relations Certification Authority,OU=G3,O=Apple Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:c1:46:c4:65:35:5f:be:4c:b9:55:09:46:da:2d:cf
Certificate

Issuer

CN=Apple Worldwide Developer Relations Certification Authority,OU=G3,O=Apple Inc.,C=US

Not Before

16/07/2021, 05:42

Not After

15/07/2024, 05:42

Subject

CN=iPhone Distribution: China Mobile Group Jiangsu Company Limited,OU=852BN2UPEC,O=China Mobile Group Jiangsu Company Limited,C=US,0.9.2342.19200300.100.1.1=#130a383532424e3255504543

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d7:ff:d9:fe:17:58:6d:7f:9a:1c:64:76:01:b6:de:de:06:3e:fd:74:5a:8e:98:64:16:36:c1:f1:1a:02:7e:3b
Signer

Actual PE Digest

d7:ff:d9:fe:17:58:6d:7f:9a:1c:64:76:01:b6:de:de:06:3e:fd:74:5a:8e:98:64:16:36:c1:f1:1a:02:7e:3b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 45KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 11KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 472B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 131B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 722B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
StormFN Launcher/StormFN.runtimeconfig.json
StormFN Launcher/runtimes/win/lib/net6.0/System.Diagnostics.EventLog.Messages.dll
.dll windows:4 windows x86 arch:x86

Password: trtr

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:13:8c:0c:1c:31:35:bc:d2:5f:00:00:00:00:02:13
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/02/2021, 20:09

Not After

10/02/2022, 20:09

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f3:16:c3:e5:c1:55:15:ca:ae:f2:78:1d:2e:12:f8:a3:86:73:f2:ce:e9:24:ba:07:31:c6:0d:f7:8e:91:67:c6
Signer

Actual PE Digest

f3:16:c3:e5:c1:55:15:ca:ae:f2:78:1d:2e:12:f8:a3:86:73:f2:ce:e9:24:ba:07:31:c6:0d:f7:8e:91:67:c6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/artifacts/obj/System.Diagnostics.EventLog.Messages/netstandard2.0-Release/System.Diagnostics.EventLog.Messages.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 768KB - Virtual size: 768KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: trtr

Password: trtr

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

7c:af:69:0a:25:b7:39:fe:7b:9b:44:7a:c1:78:c5:eeCertificate

Key Usages

31:c1:46:c4:65:35:5f:be:4c:b9:55:09:46:da:2d:cfCertificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

93:09:81:f0:cf:17:0e:d0:a4:12:e3:39:9a:49:54:a1:5b:55:7e:de:2a:47:ef:71:12:61:81:ef:d6:38:82:24Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 7.2MB - Virtual size: 7.2MB

.rsrc Size: 63KB - Virtual size: 62KB

.reloc Size: 512B - Virtual size: 12B

Password: trtr

Code Sign

7c:af:69:0a:25:b7:39:fe:7b:9b:44:7a:c1:78:c5:eeCertificate

Key Usages

31:c1:46:c4:65:35:5f:be:4c:b9:55:09:46:da:2d:cfCertificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

d7:ff:d9:fe:17:58:6d:7f:9a:1c:64:76:01:b6:de:de:06:3e:fd:74:5a:8e:98:64:16:36:c1:f1:1a:02:7e:3bSigner

Headers

DLL Characteristics

File Characteristics

Sections

Size: 45KB - Virtual size: 96KB

Size: 11KB - Virtual size: 36KB

Size: 472B - Virtual size: 5KB

Size: 2KB - Virtual size: 5KB

Size: 131B - Virtual size: 244B

Size: 2KB - Virtual size: 62KB

Size: 722B - Virtual size: 792B

.imports Size: 1024B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 63KB - Virtual size: 63KB

.themida Size: - Virtual size: 5.7MB

.boot Size: 3.4MB - Virtual size: 3.4MB

.reloc Size: 16B - Virtual size: 4KB

Password: trtr

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:13:8c:0c:1c:31:35:bc:d2:5f:00:00:00:00:02:13Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

f3:16:c3:e5:c1:55:15:ca:ae:f2:78:1d:2e:12:f8:a3:86:73:f2:ce:e9:24:ba:07:31:c6:0d:f7:8e:91:67:c6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 2KB - Virtual size: 2KB

.rsrc Size: 768KB - Virtual size: 768KB

.reloc Size: 512B - Virtual size: 12B

7c:af:69:0a:25:b7:39:fe:7b:9b:44:7a:c1:78:c5:ee
Certificate

31:c1:46:c4:65:35:5f:be:4c:b9:55:09:46:da:2d:cf
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

93:09:81:f0:cf:17:0e:d0:a4:12:e3:39:9a:49:54:a1:5b:55:7e:de:2a:47:ef:71:12:61:81:ef:d6:38:82:24
Signer

.text
Size: 7.2MB - Virtual size: 7.2MB

.rsrc
Size: 63KB - Virtual size: 62KB

.reloc
Size: 512B - Virtual size: 12B

7c:af:69:0a:25:b7:39:fe:7b:9b:44:7a:c1:78:c5:ee
Certificate

31:c1:46:c4:65:35:5f:be:4c:b9:55:09:46:da:2d:cf
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

d7:ff:d9:fe:17:58:6d:7f:9a:1c:64:76:01:b6:de:de:06:3e:fd:74:5a:8e:98:64:16:36:c1:f1:1a:02:7e:3b
Signer

.imports
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 63KB - Virtual size: 63KB

.themida
Size: - Virtual size: 5.7MB

.boot
Size: 3.4MB - Virtual size: 3.4MB

.reloc
Size: 16B - Virtual size: 4KB

33:00:00:02:13:8c:0c:1c:31:35:bc:d2:5f:00:00:00:00:02:13
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

f3:16:c3:e5:c1:55:15:ca:ae:f2:78:1d:2e:12:f8:a3:86:73:f2:ce:e9:24:ba:07:31:c6:0d:f7:8e:91:67:c6
Signer

.text
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 768KB - Virtual size: 768KB

.reloc
Size: 512B - Virtual size: 12B