update[.]exe | Triage

Resubmissions

11-03-2024 18:13

240311-wt6ngsac7w 9

11-03-2024 18:06

240311-wp2tqsab5z 9

Sharing

Copy URL

Twitter E-mail

General

Target

update.exe
Size

9.6MB
MD5

3b85c21e398ff87a3106a6d95dcfe422
SHA1

2984f55bcd09779f268cd1f3fc678d9b754170ba
SHA256

eae46c15fad3b0623ed1c72949a4ae430f4efe1f22f935dda6f17fe746918595
SHA512

60252f20cfe61bee1d622dcc7c99e53dab5ff7d9a9e00351b41cdd9b11dd4d0fc7dffc2eb0cdaeec7d4696d83e31ba273da089a79a0496a9be293ed978fe091f
SSDEEP

196608:23MHgPbf5cxqMYkdIMhr3IOJQ2/csUHXiDxyklIAjbvVrP8eYfUV:4ltSqMYHMhr3hnwHyDgklIAvVAhUV

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

update.exe
.exe windows:6 windows x64 arch:x64

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:a1:64:d8:96:51:c2:2b:06:db:56:79:aa:09:d2:7f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

04-04-2023 00:00

Not After

03-04-2026 23:59

Subject

CN=Manthe Industries\, LLC,O=Manthe Industries\, LLC,L=Green Bay,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:60:ae:df:f6:bd:89:2a:dc:de:2c:7e:dc:ac:48:2c:fb:6d:48:36
Signer

Actual PE Digest

16:60:ae:df:f6:bd:89:2a:dc:de:2c:7e:dc:ac:48:2c:fb:6d:48:36

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 1.4MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 338KB - Virtual size: 981KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 136KB - Virtual size: 489KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 117KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 43KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 10.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

02:a1:64:d8:96:51:c2:2b:06:db:56:79:aa:09:d2:7fCertificate

Extended Key Usages

Key Usages

16:60:ae:df:f6:bd:89:2a:dc:de:2c:7e:dc:ac:48:2c:fb:6d:48:36Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 1.4MB - Virtual size: 3.6MB

Size: 338KB - Virtual size: 981KB

Size: 136KB - Virtual size: 489KB

Size: 117KB - Virtual size: 219KB

Size: 512B - Virtual size: 348B

Size: 43KB - Virtual size: 54KB

Size: 8KB - Virtual size: 36KB

.idata Size: 1KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 8KB

.themida Size: - Virtual size: 10.5MB

.boot Size: 7.5MB - Virtual size: 7.5MB

.reloc Size: 16B - Virtual size: 4KB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:a1:64:d8:96:51:c2:2b:06:db:56:79:aa:09:d2:7f
Certificate

16:60:ae:df:f6:bd:89:2a:dc:de:2c:7e:dc:ac:48:2c:fb:6d:48:36
Signer

.idata
Size: 1KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 8KB

.themida
Size: - Virtual size: 10.5MB

.boot
Size: 7.5MB - Virtual size: 7.5MB

.reloc
Size: 16B - Virtual size: 4KB