stormkitty | beef5daf51dadc2acdbccc37a73ccfec

Sharing

Copy URL

Twitter E-mail

General

Target

beef5daf51dadc2acdbccc37a73ccfec
Size

3.6MB
MD5

beef5daf51dadc2acdbccc37a73ccfec
SHA1

1a49019a42f0a195828bf2a5e7b41013709cc8c9
SHA256

91eab57eaf00089ffd21329eb93e072c8eb7ed79e37c807f6db2859548c8b5d8
SHA512

f6021d968f28a2dbf25e58c0bd9b474662de542b9cdf9dc3454bc97ee30e23aa2bd754c455e6fc973f7cf4ead9ca5c9f186e0cb3f9f6dec1e2f9aa3b31f64580
SSDEEP

98304:qbkDpLr5n9Ov7NCnsAAS7QG0owscxF7ZLN:q2pA7NksAASUqwsOLN

Score

10^/10

themida stormkitty

Malware Config

Signatures

StormKitty payload 1 IoCs

resource	yara_rule
sample	family_stormkitty

Stormkitty family
stormkitty

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

beef5daf51dadc2acdbccc37a73ccfec
.exe windows:4 windows x86 arch:x86

Code Sign

09:94:80:69:8f:28:80:aa:5e:6c:ba:ce:72:f0:26:77
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20/10/2020, 00:00

Not After

24/10/2022, 23:59

Subject

CN=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:59:8e:54:40:b9:73:36:e9:d0:8c:77:02:88:f2:67:f1:4a:e0:86
Signer

Actual PE Digest

27:59:8e:54:40:b9:73:36:e9:d0:8c:77:02:88:f2:67:f1:4a:e0:86

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 249KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

💳NVID
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

vmp0
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

09:94:80:69:8f:28:80:aa:5e:6c:ba:ce:72:f0:26:77Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

27:59:8e:54:40:b9:73:36:e9:d0:8c:77:02:88:f2:67:f1:4a:e0:86Signer

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 249KB - Virtual size: 256KB

.sdata Size: 9KB - Virtual size: 9KB

💳NVID Size: 192KB - Virtual size: 191KB

.reloc Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

.themida Size: - Virtual size: 5.1MB

.boot Size: 2.9MB - Virtual size: 2.9MB

vmp0 Size: 2KB - Virtual size: 2KB

.rsrc Size: 192KB - Virtual size: 191KB

09:94:80:69:8f:28:80:aa:5e:6c:ba:ce:72:f0:26:77
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

27:59:8e:54:40:b9:73:36:e9:d0:8c:77:02:88:f2:67:f1:4a:e0:86
Signer

.text
Size: 249KB - Virtual size: 256KB

.sdata
Size: 9KB - Virtual size: 9KB

💳NVID
Size: 192KB - Virtual size: 191KB

.reloc
Size: 512B - Virtual size: 12B

.idata
Size: 512B - Virtual size: 8KB

.themida
Size: - Virtual size: 5.1MB

.boot
Size: 2.9MB - Virtual size: 2.9MB

vmp0
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 192KB - Virtual size: 191KB