cb4118382e3f97f0db04938a4e31e3e1[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

cb4118382e3f97f0db04938a4e31e3e1.bin
Size

3.8MB
MD5

90297aba4df497680673cb0c2152f48c
SHA1

4238491d13e63519916a7a3a40afa22a813fe496
SHA256

3a6610abad08c3e14c04f797c11d6723f8db2131593e83274744a01347415c2d
SHA512

b0502312c4d157595256f7a1367b116b0b6d5ba9744bd932a85c18a1235c43ec8e2d657bb5310612b4df034d310dce7d9e0a06da9690f132f5a11a71c20a9f86
SSDEEP

98304:b9xDGldchjZlwesfRs5qPXmT6tszUJAIVjJwBDx8CgP5e:JxVjZrsfyAW2+UJpjJwhuY

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/fcd465bfb29ad1ee9c3344c27035fe6721f7c634ae714db808454b2d14e6ecd3.exe	themida

Files

cb4118382e3f97f0db04938a4e31e3e1.bin
.zip

Password: infected
fcd465bfb29ad1ee9c3344c27035fe6721f7c634ae714db808454b2d14e6ecd3.exe
.exe windows:6 windows x64 arch:x64

Password: infected

023aae353653db016d3a89da454d1d86

Code Sign

3a:02:06:9d:08:4a:9b:ae:45:54:63:5c:0d:b9:5a:8d
Certificate

Issuer

CN=œáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åz

Not Before

13/04/2024, 09:26

Not After

14/04/2034, 09:26

Subject

CN=œáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åz

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d8:db:65:9e:0f:7c:ef:62:65:4b:32:66:f0:b6:12:ad:41:69:07:50:34:ed:90:d0:2e:33:7b:f7:ec:42:47:50
Signer

Actual PE Digest

d8:db:65:9e:0f:7c:ef:62:65:4b:32:66:f0:b6:12:ad:41:69:07:50:34:ed:90:d0:2e:33:7b:f7:ec:42:47:50

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleA
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

GetCursorPos

advapi32

RegCloseKey

shell32

SHGetFolderPathA

ole32

CoCreateInstance

oleaut32

VariantClear

Sections

.text
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp(¿R
Size: - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp(¿R
Size: - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp(¿R
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp(¿R
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_READ

.rsrc
Size: 323KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

023aae353653db016d3a89da454d1d86

Code Sign

3a:02:06:9d:08:4a:9b:ae:45:54:63:5c:0d:b9:5a:8dCertificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

d8:db:65:9e:0f:7c:ef:62:65:4b:32:66:f0:b6:12:ad:41:69:07:50:34:ed:90:d0:2e:33:7b:f7:ec:42:47:50Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: - Virtual size: 1.6MB

.rdata Size: - Virtual size: 284KB

.data Size: - Virtual size: 44KB

.pdata Size: - Virtual size: 60KB

_RDATA Size: - Virtual size: 500B

.vmp(¿R Size: - Virtual size: 322KB

.reloc Size: - Virtual size: 8KB

.idata Size: - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.themida Size: - Virtual size: 4.5MB

.vmp(¿R Size: - Virtual size: 408KB

.vmp(¿R Size: 1024B - Virtual size: 976B

.vmp(¿R Size: 3.8MB - Virtual size: 3.8MB

.reloc Size: 5KB - Virtual size: 5KB

.rsrc Size: 323KB - Virtual size: 322KB

3a:02:06:9d:08:4a:9b:ae:45:54:63:5c:0d:b9:5a:8d
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

d8:db:65:9e:0f:7c:ef:62:65:4b:32:66:f0:b6:12:ad:41:69:07:50:34:ed:90:d0:2e:33:7b:f7:ec:42:47:50
Signer

.text
Size: - Virtual size: 1.6MB

.rdata
Size: - Virtual size: 284KB

.data
Size: - Virtual size: 44KB

.pdata
Size: - Virtual size: 60KB

_RDATA
Size: - Virtual size: 500B

.vmp(¿R
Size: - Virtual size: 322KB

.reloc
Size: - Virtual size: 8KB

.idata
Size: - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 4.5MB

.vmp(¿R
Size: - Virtual size: 408KB

.vmp(¿R
Size: 1024B - Virtual size: 976B

.vmp(¿R
Size: 3.8MB - Virtual size: 3.8MB

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 323KB - Virtual size: 322KB