redline | by RyoX [GoodyExpl0its][.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

by RyoX [GoodyExpl0its].rar
Size

5.1MB
MD5

dd2e5d9d53d73af35360869d9181e546
SHA1

54370b8941a6011b29aa4997fb44e435d2494f5d
SHA256

9df2f1f389119479fd7685350f70f2da11f541b79d1571fc51b67f3d183821c1
SHA512

37ffae2951429fe77c13a2acc1ba7f0e223ba683acd0031a6f7596fcaac8e31cfae282265f29d46a878d3d8f8f2b4865eee0fc611dd6055c9ad144c88675696a
SSDEEP

98304:yZS6y2zo/lQYUnplsTUjdBSdwS7atG2qfUNLKmNlGtF2qHAVxMmajCE0E:AST2EtHUnpHdodwS7X2qxYGtF2qgVWTf

Score

10^/10

themida redline

Malware Config

Signatures

Redline family
redline

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
static1/unpack001/Avrora.exe	themida

Files

by RyoX [GoodyExpl0its].rar
.rar

Password: mlwiLAAbvuKtBJMBc
Avrora.exe
.exe windows:4 windows x86 arch:x86

Password: mlwiLAAbvuKtBJMBc

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:46

Not After

11-05-2023 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:e2:29:fe:14:35:70:74:b6:6a:98:f8:0b:49:59:7c
Certificate

Issuer

CN=C2RService,O=C2RService,L=Redmond,ST=Washington,C=US

Not Before

17-02-2017 00:12

Not After

31-12-2039 23:59

Subject

CN=C2RService,O=C2RService,L=Redmond,ST=Washington,C=US

ee:6c:2c:79:fa:20:ef:50:9e:27:90:92:a5:a1:ea:4c:12:05:5a:b4:2e:c7:07:b5:1c:ea:d4:34:af:2a:95:a5
Signer

Actual PE Digest

ee:6c:2c:79:fa:20:ef:50:9e:27:90:92:a5:a1:ea:4c:12:05:5a:b4:2e:c7:07:b5:1c:ea:d4:34:af:2a:95:a5

Digest Algorithm

sha256

PE Digest Matches

false

ee:6c:2c:79:fa:20:ef:50:9e:27:90:92:a5:a1:ea:4c:12:05:5a:b4:2e:c7:07:b5:1c:ea:d4:34:af:2a:95:a5
Signer

Actual PE Digest

ee:6c:2c:79:fa:20:ef:50:9e:27:90:92:a5:a1:ea:4c:12:05:5a:b4:2e:c7:07:b5:1c:ea:d4:34:af:2a:95:a5

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 187KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 21KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
scripts/cef_100_percent.pak
.js
scripts/cef_200_percent.pak
.js

Sharing

General

Malware Config

Signatures

Files

Password: mlwiLAAbvuKtBJMBc

Password: mlwiLAAbvuKtBJMBc

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cdCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

15:e2:29:fe:14:35:70:74:b6:6a:98:f8:0b:49:59:7cCertificate

ee:6c:2c:79:fa:20:ef:50:9e:27:90:92:a5:a1:ea:4c:12:05:5a:b4:2e:c7:07:b5:1c:ea:d4:34:af:2a:95:a5Signer

ee:6c:2c:79:fa:20:ef:50:9e:27:90:92:a5:a1:ea:4c:12:05:5a:b4:2e:c7:07:b5:1c:ea:d4:34:af:2a:95:a5Signer

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 187KB - Virtual size: 192KB

Size: 21KB - Virtual size: 108KB

Size: 15B - Virtual size: 12B

.imports Size: 1024B - Virtual size: 8KB

.rsrc Size: 13KB - Virtual size: 13KB

.themida Size: - Virtual size: 6.4MB

.boot Size: 4.5MB - Virtual size: 4.5MB

.taggant Size: 8KB - Virtual size: 9KB

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

15:e2:29:fe:14:35:70:74:b6:6a:98:f8:0b:49:59:7c
Certificate

ee:6c:2c:79:fa:20:ef:50:9e:27:90:92:a5:a1:ea:4c:12:05:5a:b4:2e:c7:07:b5:1c:ea:d4:34:af:2a:95:a5
Signer

ee:6c:2c:79:fa:20:ef:50:9e:27:90:92:a5:a1:ea:4c:12:05:5a:b4:2e:c7:07:b5:1c:ea:d4:34:af:2a:95:a5
Signer

.text
Size: 187KB - Virtual size: 192KB

.imports
Size: 1024B - Virtual size: 8KB

.rsrc
Size: 13KB - Virtual size: 13KB

.themida
Size: - Virtual size: 6.4MB

.boot
Size: 4.5MB - Virtual size: 4.5MB

.taggant
Size: 8KB - Virtual size: 9KB