KRD007982_2024-05-16_13_21_56[.]381[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

KRD007982_2024-05-16_13_21_56.381.zip
Size

2.3MB
MD5

b15fb1f3b13a2c0b42151389aa2a768c
SHA1

b51a2790bda32ba5839249a6681d417e247233b9
SHA256

a4fa350c7a5b327afc2a4799e622aa3d14e37f340eee99f5ab93563ad680c339
SHA512

9c9fdebcc3861ddee810d71085a444401882bfca19002f9f2c305d0139bec745a9039fb972c91790f27c831454faf61ff2471d1236fc7548b6b29ee8bd3bb441
SSDEEP

49152:h/ZNy8lS7LsIirnP6NwAFp6C/srflS8zIXkAvFPx6UxAVjpwJE9CWC7qpIVW7KTC:hREVys6C/4dI0MeUmoJE9C77/U7m72

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/Device/HarddiskVolume3/PROGRAM FILES (X86)/Wizvera/Delfino-G3/delfino.exe	themida

Files

KRD007982_2024-05-16_13_21_56.381.zip
.zip

Password: Infected!!
Device/HarddiskVolume3/PROGRAM FILES (X86)/Wizvera/Delfino-G3/delfino.exe
.exe windows:5 windows x86 arch:x86

Password: Infected!!

Code Sign

0b:e2:ae:d5:32:a4:04:59:c7:1e:e8:0b:0f:c2:24:a3
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/09/2020, 00:00

Not After

12/09/2023, 12:00

Subject

SERIALNUMBER=110111-3810929,CN=WIZVERA Co.\, Ltd.,O=WIZVERA Co.\, Ltd.,L=Songpa-gu,ST=Seoul,C=KR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130553656f756c,1.3.6.1.4.1.311.60.2.1.3=#13024b52

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fb:a7:82:45:e5:59:c9:5e:aa:ca:08:93:99:c4:52:ad:60:e7:c9:6e:60:3c:48:1a:41:d4:c3:88:8e:50:51:11
Signer

Actual PE Digest

fb:a7:82:45:e5:59:c9:5e:aa:ca:08:93:99:c4:52:ad:60:e7:c9:6e:60:3c:48:1a:41:d4:c3:88:8e:50:51:11

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: Infected!!

Password: Infected!!

Code Sign

0b:e2:ae:d5:32:a4:04:59:c7:1e:e8:0b:0f:c2:24:a3Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

fb:a7:82:45:e5:59:c9:5e:aa:ca:08:93:99:c4:52:ad:60:e7:c9:6e:60:3c:48:1a:41:d4:c3:88:8e:50:51:11Signer

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 93KB - Virtual size: 92KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 13KB - Virtual size: 12KB

.idata Size: 512B - Virtual size: 4KB

.themida Size: 3.9MB - Virtual size: 3.9MB

0b:e2:ae:d5:32:a4:04:59:c7:1e:e8:0b:0f:c2:24:a3
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

fb:a7:82:45:e5:59:c9:5e:aa:ca:08:93:99:c4:52:ad:60:e7:c9:6e:60:3c:48:1a:41:d4:c3:88:8e:50:51:11
Signer

.text
Size: 93KB - Virtual size: 92KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 13KB - Virtual size: 12KB

.idata
Size: 512B - Virtual size: 4KB

.themida
Size: 3.9MB - Virtual size: 3.9MB