3[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

3.exe
Size

6.0MB
MD5

c66debe215d85ae1cbcd1f17adadc537
SHA1

06ab9a7796ce0abdf7a7b16491f51da1c748a3c0
SHA256

1a3fa79108046a649b66729b8edf05b719afcdb3b122e598320c157a0c67346b
SHA512

de09db86fc4904dd06a6c202b1e9976fe3dc437c85dfc52a4067a57eeb8c8ebb4f1c36318321ffbb5c07c9e406b80f2090ca5591fd7b9bb3dc8de40b351b6cb8
SSDEEP

98304:8QRcxDelq8W0UE//RVQFD25ZQ6Du2ig0Rm9wSBENM9wui:8QRjveE//RWYZN19wSauwu

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

3.exe
.exe windows:5 windows x86 arch:x86

Code Sign

6a:94:21:70:5a:99:64:b3:c3:2d:6c:a9:f2:78:5f:e2
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

16-05-2022 14:24

Not After

19-04-2024 15:49

Subject

SERIALNUMBER=HRB 12582,CN=DigitalWorks UG (haftungsbeschränkt),O=DigitalWorks UG (haftungsbeschränkt),L=Röttenbach,ST=Bayern,C=DE,1.3.6.1.4.1.311.60.2.1.3=#13024445,1.3.6.1.4.1.311.60.2.1.2=#130642617965726e,1.3.6.1.4.1.311.60.2.1.1=#0c0646c3bc727468,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26-03-2019 17:44

Not After

22-03-2034 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09-12-2022 18:30

Not After

06-12-2032 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13-11-2019 18:50

Not After

12-11-2034 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ea:be:5c:ff:26:14:ae:39:98:36:b7:6a:a0:7f:1e:ac:e8:6f:93:5a:5d:73:a1:79:5c:96:13:87:9c:d9:f4:8d
Signer

Actual PE Digest

ea:be:5c:ff:26:14:ae:39:98:36:b7:6a:a0:7f:1e:ac:e8:6f:93:5a:5d:73:a1:79:5c:96:13:87:9c:d9:f4:8d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 483KB - Virtual size: 944KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 536KB - Virtual size: 765KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 17KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 49KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

6a:94:21:70:5a:99:64:b3:c3:2d:6c:a9:f2:78:5f:e2Certificate

Extended Key Usages

Key Usages

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04Certificate

Extended Key Usages

Key Usages

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4bCertificate

Extended Key Usages

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

ea:be:5c:ff:26:14:ae:39:98:36:b7:6a:a0:7f:1e:ac:e8:6f:93:5a:5d:73:a1:79:5c:96:13:87:9c:d9:f4:8dSigner

Headers

DLL Characteristics

File Characteristics

Sections

Size: 483KB - Virtual size: 944KB

Size: 536KB - Virtual size: 765KB

Size: 17KB - Virtual size: 50KB

Size: 512B - Virtual size: 952B

Size: 49KB - Virtual size: 66KB

.idata Size: 1024B - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 4KB

.themida Size: - Virtual size: 7.4MB

.boot Size: 4.9MB - Virtual size: 4.9MB

6a:94:21:70:5a:99:64:b3:c3:2d:6c:a9:f2:78:5f:e2
Certificate

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

ea:be:5c:ff:26:14:ae:39:98:36:b7:6a:a0:7f:1e:ac:e8:6f:93:5a:5d:73:a1:79:5c:96:13:87:9c:d9:f4:8d
Signer

.idata
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB

.themida
Size: - Virtual size: 7.4MB

.boot
Size: 4.9MB - Virtual size: 4.9MB