Setup[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Setup.exe
Size

783.4MB
MD5

4ffa000030f6268b1d047d2b89fce513
SHA1

2223f408cb8ed277b7f5e42e39d3243b7e4cd55f
SHA256

5d46376b39635f21a690c67f43efa36b72fd7378cad25dba4e86cf4f6aa822b0
SHA512

cb01f83bc999c491b955bc13533f2cd823579d9213429d30f23c35e8a7fb50ab0ca958b6c26b2223983d6594d8fb19ba204735bc1ad1993f04b17db04c3c4450
SSDEEP

98304:nzHpK9gGM6225Am/LafIBcicYc6cicYc6cicYc6cicYc6cicYc6cicYc6cicYc6n:DCgGM6N5Am/mfIj

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

Setup.exe
.exe windows:5 windows x86 arch:x86

Code Sign

62:f8:12:a3:5f:52:bd:74:b7:18:d6:10:ac:4b:47:83
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

11/09/2018, 09:28

Not After

11/09/2023, 09:28

Subject

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26/03/2019, 17:44

Not After

22/03/2034, 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:55:9d:9a:1e:2f:c1:a4:79:d6:27:68:4d:11:3a:59
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

19/08/2021, 19:03

Not After

18/08/2024, 19:03

Subject

SERIALNUMBER=C 86211,CN=JetBrains s.r.o.,O=JetBrains s.r.o.,L=Prague,C=CZ,1.3.6.1.4.1.311.60.2.1.3=#1302435a,1.3.6.1.4.1.311.60.2.1.2=#1306507261677565,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/12/2022, 18:30

Not After

06/12/2032, 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1c
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

11/09/2018, 09:26

Not After

11/09/2023, 09:26

Subject

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

de:54:6e:e0:83:32:b6:33:22:24:94:5f:b0:ed:3b:70:8f:b4:25:dd:af:9c:91:21:2e:55:3c:99:fc:7f:f8:b5
Signer

Actual PE Digest

de:54:6e:e0:83:32:b6:33:22:24:94:5f:b0:ed:3b:70:8f:b4:25:dd:af:9c:91:21:2e:55:3c:99:fc:7f:f8:b5

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 57KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 17KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 454KB - Virtual size: 453KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

62:f8:12:a3:5f:52:bd:74:b7:18:d6:10:ac:4b:47:83Certificate

Key Usages

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04Certificate

Extended Key Usages

Key Usages

78:55:9d:9a:1e:2f:c1:a4:79:d6:27:68:4d:11:3a:59Certificate

Extended Key Usages

Key Usages

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4bCertificate

Extended Key Usages

Key Usages

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1cCertificate

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

de:54:6e:e0:83:32:b6:33:22:24:94:5f:b0:ed:3b:70:8f:b4:25:dd:af:9c:91:21:2e:55:3c:99:fc:7f:f8:b5Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 57KB - Virtual size: 136KB

Size: 17KB - Virtual size: 44KB

Size: 1KB - Virtual size: 2.1MB

.rsrc Size: 454KB - Virtual size: 453KB

Size: 7KB - Virtual size: 20KB

.idata Size: 512B - Virtual size: 4KB

.themida Size: 4.3MB - Virtual size: 4.3MB

62:f8:12:a3:5f:52:bd:74:b7:18:d6:10:ac:4b:47:83
Certificate

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

78:55:9d:9a:1e:2f:c1:a4:79:d6:27:68:4d:11:3a:59
Certificate

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1c
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

de:54:6e:e0:83:32:b6:33:22:24:94:5f:b0:ed:3b:70:8f:b4:25:dd:af:9c:91:21:2e:55:3c:99:fc:7f:f8:b5
Signer

.rsrc
Size: 454KB - Virtual size: 453KB

.idata
Size: 512B - Virtual size: 4KB

.themida
Size: 4.3MB - Virtual size: 4.3MB