b4c5bcd7d296acaa234e987a9ed4dc447a22494ab13262ae56ffa768b57f665a[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

b4c5bcd7d296acaa234e987a9ed4dc447a22494ab13262ae56ffa768b57f665a.zip
Size

2.4MB
MD5

d3547f6d41f8cdc3029c6033c07c9690
SHA1

f16b37afe35c88f26f0ac16b849b4242f584530b
SHA256

5e046d8bcfb9fd40dfc8a5e4d853d4f21cd9227c5fcf2ed48ff4784288afb33a
SHA512

d323e0f32e7aa8652ad9850f43ad17574778b8846a6b9c2679802839ce8f6d8cd6699a6aaed28834246c875ee7be159cccd96f5eb4ce367d92aff1e365ec5d17
SSDEEP

49152:DhbyF43gulIdnpPDhGnIGUW08Q2lfvACgP4tdfTsuEiIlgevDFs2+ll6O:Dhu0ypPgnICRQZP4tnENlgevDR86O

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/C/ProgramData/Sentinel/AFUCache/b4c5bcd7d296acaa234e987a9ed4dc447a22494ab13262ae56ffa768b57f665a	themida

Files

b4c5bcd7d296acaa234e987a9ed4dc447a22494ab13262ae56ffa768b57f665a.zip
.zip

Password: S1BinaryVault
C/ProgramData/Sentinel/AFUCache/b4c5bcd7d296acaa234e987a9ed4dc447a22494ab13262ae56ffa768b57f665a
.exe windows:6 windows x86 arch:x86

Password: S1BinaryVault

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

09:34:4c:eb:47:db:da:41:bd:0d:58:2c:92:18:17:8a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/04/2022, 00:00

Not After

29/04/2025, 23:59

Subject

SERIALNUMBER=0111-01-089911,CN=LINE Corporation,OU=IT Service Center,O=LINE Corporation,L=Shinjuku-ku,ST=Tokyo,C=JP,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024a50

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:34:4c:eb:47:db:da:41:bd:0d:58:2c:92:18:17:8a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/04/2022, 00:00

Not After

29/04/2025, 23:59

Subject

SERIALNUMBER=0111-01-089911,CN=LINE Corporation,OU=IT Service Center,O=LINE Corporation,L=Shinjuku-ku,ST=Tokyo,C=JP,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024a50

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:80:01:c3:e8:6a:a9:ac:0f:2c:74:d4:f4:91:4e:bd:e7:5d:2e:d3:4c:00:42:5c:d6:ae:32:be:dd:3a:e2:c2
Signer

Actual PE Digest

4e:80:01:c3:e8:6a:a9:ac:0f:2c:74:d4:f4:91:4e:bd:e7:5d:2e:d3:4c:00:42:5c:d6:ae:32:be:dd:3a:e2:c2

Digest Algorithm

sha256

PE Digest Matches

true

d2:fd:4f:31:f2:83:cf:c8:e0:23:15:d5:b6:95:ad:d2:02:0b:ae:14
Signer

Actual PE Digest

d2:fd:4f:31:f2:83:cf:c8:e0:23:15:d5:b6:95:ad:d2:02:0b:ae:14

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 19KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: S1BinaryVault

Password: S1BinaryVault

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

09:34:4c:eb:47:db:da:41:bd:0d:58:2c:92:18:17:8aCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

09:34:4c:eb:47:db:da:41:bd:0d:58:2c:92:18:17:8aCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

4e:80:01:c3:e8:6a:a9:ac:0f:2c:74:d4:f4:91:4e:bd:e7:5d:2e:d3:4c:00:42:5c:d6:ae:32:be:dd:3a:e2:c2Signer

d2:fd:4f:31:f2:83:cf:c8:e0:23:15:d5:b6:95:ad:d2:02:0b:ae:14Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 12KB - Virtual size: 25KB

Size: 2KB - Virtual size: 9KB

Size: 512B - Virtual size: 1KB

Size: 19KB - Virtual size: 53KB

Size: 2KB - Virtual size: 1KB

.idata Size: 1024B - Virtual size: 4KB

.rsrc Size: 50KB - Virtual size: 50KB

.themida Size: - Virtual size: 3.9MB

.boot Size: 2.4MB - Virtual size: 2.4MB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

09:34:4c:eb:47:db:da:41:bd:0d:58:2c:92:18:17:8a
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:34:4c:eb:47:db:da:41:bd:0d:58:2c:92:18:17:8a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

4e:80:01:c3:e8:6a:a9:ac:0f:2c:74:d4:f4:91:4e:bd:e7:5d:2e:d3:4c:00:42:5c:d6:ae:32:be:dd:3a:e2:c2
Signer

d2:fd:4f:31:f2:83:cf:c8:e0:23:15:d5:b6:95:ad:d2:02:0b:ae:14
Signer

.idata
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 50KB - Virtual size: 50KB

.themida
Size: - Virtual size: 3.9MB

.boot
Size: 2.4MB - Virtual size: 2.4MB