SecuriteInfo[.]com[.]Trojan[.]MulDrop27[.]60595[.]3023[.]22709[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Trojan.MulDrop27.60595.3023.22709.exe
Size

6.1MB
MD5

6044436058d895c5f11bd69742675411
SHA1

d55350aa01ca32a5d5f015d892eeae3edc81189c
SHA256

564570e26c2e8682c181ffbba655590a5cce262ffa6ab73467dff64e9a65904c
SHA512

a88d7f47aa96209aacfb3ef1d9421ffb3542b44e49cf89f0c63ec1c311039f756a2e4df4ddbe3678995d07600de7eaff8219a9b07d02433a89bfc9a302d941c5
SSDEEP

196608:M7hj6BjDRSmA/+7e6CvlLb4QZDfNaBYqymNh8:M7t6BfRxA/+TCvRbtxNaBYqFU

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

SecuriteInfo.com.Trojan.MulDrop27.60595.3023.22709.exe
.exe windows:6 windows x86 arch:x86

0cd95e000e9bfea5f12553217464abb6

Code Sign

4e:04:2c:42:f9:de:68:8e:4a:6f:c2:f8:41:40:d4:f9
Certificate

Issuer

CN=Logitech H153 Wired Headset Black 2.0 overhead 20 Hz - 20000 Hz 22Ω corded cable - 1.8 m

Not Before

23/11/2023, 09:28

Not After

24/11/2033, 09:28

Subject

CN=Logitech H153 Wired Headset Black 2.0 overhead 20 Hz - 20000 Hz 22Ω corded cable - 1.8 m

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c2:c1:83:41:75:1c:85:61:c6:9a:7a:21:4f:e4:8c:11:9d:83:db:65:c9:9d:76:67:05:37:bf:74:34:70:8e:fc
Signer

Actual PE Digest

c2:c1:83:41:75:1c:85:61:c6:9a:7a:21:4f:e4:8c:11:9d:83:db:65:c9:9d:76:67:05:37:bf:74:34:70:8e:fc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SetClipboardData
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegSetValueExA

shell32

ShellExecuteExW

ole32

CoTaskMemFree

Sections

Size: - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 135KB - Virtual size: 960KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0cd95e000e9bfea5f12553217464abb6

Code Sign

4e:04:2c:42:f9:de:68:8e:4a:6f:c2:f8:41:40:d4:f9Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

c2:c1:83:41:75:1c:85:61:c6:9a:7a:21:4f:e4:8c:11:9d:83:db:65:c9:9d:76:67:05:37:bf:74:34:70:8e:fcSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

Size: - Virtual size: 162KB

Size: - Virtual size: 67KB

Size: - Virtual size: 7KB

Size: - Virtual size: 1KB

Size: - Virtual size: 9KB

.imports Size: - Virtual size: 4KB

Size: - Virtual size: 4KB

.themida Size: - Virtual size: 3.9MB

.boot Size: - Virtual size: 2.4MB

Size: - Virtual size: 1KB

Size: - Virtual size: 1.5MB

Size: 6.0MB - Virtual size: 6.0MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 135KB - Virtual size: 960KB

4e:04:2c:42:f9:de:68:8e:4a:6f:c2:f8:41:40:d4:f9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

c2:c1:83:41:75:1c:85:61:c6:9a:7a:21:4f:e4:8c:11:9d:83:db:65:c9:9d:76:67:05:37:bf:74:34:70:8e:fc
Signer

.imports
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 3.9MB

.boot
Size: - Virtual size: 2.4MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 135KB - Virtual size: 960KB