3[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

3.exe
Size

4.9MB
MD5

4853d6749d9406f13910b0e8ab5760e7
SHA1

cface44d1a60fbfd1858c7673239b25a452bd38a
SHA256

a84334a1d224fcce0fb3983245cffca4b123747c15432e38446da44603495717
SHA512

be5e480b8158a19b537e7af9206a4be96d8efa61dcd4667ad2f7146afefd2b3a74873c36daaa41f5f78889394a8c97e954f2c600043cb64947e8f07eac44c1a4
SSDEEP

98304:vDtQbxqvxEcENlU+eTRc1/j45vVrXY7WiX1UlG8PX7fJoGP:v+FqvbEA+ele/jKdrAllvC+GP

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

3.exe
.exe windows:5 windows x86 arch:x86

Code Sign

6a:94:21:70:5a:99:64:b3:c3:2d:6c:a9:f2:78:5f:e2
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

16/05/2022, 14:24

Not After

19/04/2024, 15:49

Subject

SERIALNUMBER=HRB 12582,CN=DigitalWorks UG (haftungsbeschränkt),O=DigitalWorks UG (haftungsbeschränkt),L=Röttenbach,ST=Bayern,C=DE,1.3.6.1.4.1.311.60.2.1.3=#13024445,1.3.6.1.4.1.311.60.2.1.2=#130642617965726e,1.3.6.1.4.1.311.60.2.1.1=#0c0646c3bc727468,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26/03/2019, 17:44

Not After

22/03/2034, 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/12/2022, 18:30

Not After

06/12/2032, 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1c
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

11/09/2018, 09:26

Not After

11/09/2023, 09:26

Subject

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f8:e5:3e:e6:b3:f6:b7:2e:75:d3:18:aa:d0:a0:1a:58:29:53:00:9e:69:50:d4:37:7e:a9:bb:78:08:81:bd:eb
Signer

Actual PE Digest

f8:e5:3e:e6:b3:f6:b7:2e:75:d3:18:aa:d0:a0:1a:58:29:53:00:9e:69:50:d4:37:7e:a9:bb:78:08:81:bd:eb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 461KB - Virtual size: 935KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 527KB - Virtual size: 761KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 16KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 36KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

6a:94:21:70:5a:99:64:b3:c3:2d:6c:a9:f2:78:5f:e2Certificate

Extended Key Usages

Key Usages

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04Certificate

Extended Key Usages

Key Usages

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4bCertificate

Extended Key Usages

Key Usages

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1cCertificate

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

f8:e5:3e:e6:b3:f6:b7:2e:75:d3:18:aa:d0:a0:1a:58:29:53:00:9e:69:50:d4:37:7e:a9:bb:78:08:81:bd:ebSigner

Headers

DLL Characteristics

File Characteristics

Sections

Size: 461KB - Virtual size: 935KB

Size: 527KB - Virtual size: 761KB

Size: 16KB - Virtual size: 50KB

Size: 512B - Virtual size: 952B

Size: 36KB - Virtual size: 65KB

.idata Size: 1024B - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 4KB

.themida Size: - Virtual size: 6.2MB

.boot Size: 3.9MB - Virtual size: 3.9MB

6a:94:21:70:5a:99:64:b3:c3:2d:6c:a9:f2:78:5f:e2
Certificate

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1c
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

f8:e5:3e:e6:b3:f6:b7:2e:75:d3:18:aa:d0:a0:1a:58:29:53:00:9e:69:50:d4:37:7e:a9:bb:78:08:81:bd:eb
Signer

.idata
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB

.themida
Size: - Virtual size: 6.2MB

.boot
Size: 3.9MB - Virtual size: 3.9MB