F0C14237334AA13607D63808390CF84C4515142664A850773F1FE09561715E2E[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

F0C14237334AA13607D63808390CF84C4515142664A850773F1FE09561715E2E.zip
Size

3.6MB
MD5

c7b1d371df24a9f78a7db8f21a9ffb29
SHA1

213a50c5c3765bcacd901178736ff2f70f9f753a
SHA256

b421dbef5b807d441258a94e60a62341f084291dc975a7375ae0e74c8cff98e9
SHA512

ca34158f05b1899112b85daa1789945be43c89bff1b5d3c539a53b2eab546e9a7b029a3fbe529b137ba5c7116f1a395cd4d1092994d3eec35e762a3f2ba1cf87
SSDEEP

98304:aHzxfFcx9i//cQ3DihtkBvo7HfueawAinEXho:CcScOmYwWeJao

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/F0C14237334AA13607D63808390CF84C4515142664A850773F1FE09561715E2E	themida

Files

F0C14237334AA13607D63808390CF84C4515142664A850773F1FE09561715E2E.zip
.zip

Password: infected
F0C14237334AA13607D63808390CF84C4515142664A850773F1FE09561715E2E
.exe windows:6 windows x64 arch:x64

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:ec:f8:2e:b5:c1:60:c8:fe:eb:9d:23:9f:da:3f:e5
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

26/01/2022, 00:00

Not After

25/01/2024, 23:59

Subject

CN=MIDAS IT Co.\, Ltd.,O=MIDAS IT Co.\, Ltd.,L=Seongnam-si,ST=Gyeonggi-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5f:0c:31:98:11:7e:54:7d:91:ee:bf:63:d3:1e:d0:7b:7b:26:02:07
Signer

Actual PE Digest

5f:0c:31:98:11:7e:54:7d:91:ee:bf:63:d3:1e:d0:7b:7b:26:02:07

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 33KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 15KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9.1MB - Virtual size: 9.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

06:ec:f8:2e:b5:c1:60:c8:fe:eb:9d:23:9f:da:3f:e5Certificate

Extended Key Usages

Key Usages

5f:0c:31:98:11:7e:54:7d:91:ee:bf:63:d3:1e:d0:7b:7b:26:02:07Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 33KB - Virtual size: 140KB

Size: 15KB - Virtual size: 72KB

Size: 1024B - Virtual size: 7KB

Size: 6KB - Virtual size: 10KB

Size: 2KB - Virtual size: 27KB

Size: 512B - Virtual size: 777B

Size: 512B - Virtual size: 283B

.rsrc Size: 9.1MB - Virtual size: 9.1MB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 1024B - Virtual size: 4KB

.themida Size: 2.7MB - Virtual size: 2.7MB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:ec:f8:2e:b5:c1:60:c8:fe:eb:9d:23:9f:da:3f:e5
Certificate

5f:0c:31:98:11:7e:54:7d:91:ee:bf:63:d3:1e:d0:7b:7b:26:02:07
Signer

.rsrc
Size: 9.1MB - Virtual size: 9.1MB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 1024B - Virtual size: 4KB

.themida
Size: 2.7MB - Virtual size: 2.7MB