craftrise-x64[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

craftrise-x64.exe
Size

15.2MB
MD5

3982ed9cde49aa9f32f50204c5f22c80
SHA1

c9097e710fa660598b0ad93a2ec8f6b2e5ed077d
SHA256

285f0acb1aa2cc58e7a509df3234ae8fb950d6942b1782050f4a62b405446cf1
SHA512

70547254fd7619d97e6cff8b331fddcccb9eca45e0b3ba04158a8925864e26efe0bc10a282bdfb8dad21b65288c785b1b3c003e3dc2fc4a7299293d46f99dfe2
SSDEEP

393216:T454ItsLe/L+RNYzj8bahTFYxTTxSL8XW5YNNCbimY:To4csLeDkNYnWEYxfzXW5VY

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

craftrise-x64.exe
.exe windows:6 windows x64 arch:x64

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:5a:f1:11:a9:e1:80:67:5a:33:5d:f9:e6:48:53:6e
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

20-02-2023 00:00

Not After

19-02-2026 23:59

Subject

SERIALNUMBER=263286-5,CN=RIDEV YAZILIM SİSTEMLERİ LTD ŞTİ,O=RIDEV YAZILIM SİSTEMLERİ LTD ŞTİ,ST=İstanbul,C=TR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025452

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8e:5f:47:f9:69:12:6c:91:32:eb:f2:b4:37:64:2f:57:e4:46:7e:92:2e:a2:c4:45:43:74:e2:22:ef:6d:ac:a8
Signer

Actual PE Digest

8e:5f:47:f9:69:12:6c:91:32:eb:f2:b4:37:64:2f:57:e4:46:7e:92:2e:a2:c4:45:43:74:e2:22:ef:6d:ac:a8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 317KB - Virtual size: 654KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 64KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 22KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 10KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 21.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 14.8MB - Virtual size: 14.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

29:5a:f1:11:a9:e1:80:67:5a:33:5d:f9:e6:48:53:6eCertificate

Extended Key Usages

Key Usages

8e:5f:47:f9:69:12:6c:91:32:eb:f2:b4:37:64:2f:57:e4:46:7e:92:2e:a2:c4:45:43:74:e2:22:ef:6d:ac:a8Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 317KB - Virtual size: 654KB

Size: 64KB - Virtual size: 149KB

Size: 2KB - Virtual size: 19KB

Size: 22KB - Virtual size: 45KB

Size: 512B - Virtual size: 348B

Size: 10KB - Virtual size: 24KB

Size: 2KB - Virtual size: 2KB

.idata Size: 512B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 24KB - Virtual size: 24KB

.themida Size: - Virtual size: 21.3MB

.boot Size: 14.8MB - Virtual size: 14.8MB

.reloc Size: 16B - Virtual size: 4KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

29:5a:f1:11:a9:e1:80:67:5a:33:5d:f9:e6:48:53:6e
Certificate

8e:5f:47:f9:69:12:6c:91:32:eb:f2:b4:37:64:2f:57:e4:46:7e:92:2e:a2:c4:45:43:74:e2:22:ef:6d:ac:a8
Signer

.idata
Size: 512B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 24KB - Virtual size: 24KB

.themida
Size: - Virtual size: 21.3MB

.boot
Size: 14.8MB - Virtual size: 14.8MB

.reloc
Size: 16B - Virtual size: 4KB