Software v1[.]12[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Software v1.12.rar
Size

6.6MB
MD5

26ff140af0e440cde853d133b16aa761
SHA1

167fee0b926feb95c9c67d2ce23588e7a01303a3
SHA256

62e1728300f3d600fe8010c420b3c1a1799f60badde32ff2a994f875887d5a4d
SHA512

a38ff09e81263313e3332ea1b6e1202977f514df52b1bebd5fc63e33d3acf6af1f943fe306d4da4f103beafb22b4417d98e98eb6e22003ae95631d263a8fc6e3
SSDEEP

196608:orX9l7VzFUzBa/gty+/T7WGrppsOmzaP8GbUH:IXj7Vz+zkIvTDpsOmzezS

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/Software v1.12.exe	themida

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Laguage.pimx
unpack001/Main.dll

Files

Software v1.12.rar
.rar

Password: freehack
Debug/cef_100_percent.pak
.js
Debug/cef_200_percent.pak
.js
LICENSE.dll
Laguage.pimx
.dll windows:5 windows x86 arch:x86

Password: freehack

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

�.rsrc
Size: 384KB - Virtual size: 310KB

@.reloc
Size: 1.2MB - Virtual size: 1.2MB
Main.dll
.dll windows:5 windows x86 arch:x86

Password: freehack

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Packaged/CefSharp.Core.dll
Software v1.12.exe
.exe windows:4 windows x86 arch:x86

Password: freehack

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:46

Not After

11/05/2023, 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:e2:29:fe:14:35:70:74:b6:6a:98:f8:0b:49:59:7c
Certificate

Issuer

CN=C2RService,O=C2RService,L=Redmond,ST=Washington,C=US

Not Before

17/02/2017, 00:12

Not After

31/12/2039, 23:59

Subject

CN=C2RService,O=C2RService,L=Redmond,ST=Washington,C=US

b5:8c:44:89:94:47:c3:bc:a6:08:5b:eb:ef:83:37:80:2e:45:ef:52:2a:13:b0:7b:3a:9a:79:1c:01:af:71:75
Signer

Actual PE Digest

b5:8c:44:89:94:47:c3:bc:a6:08:5b:eb:ef:83:37:80:2e:45:ef:52:2a:13:b0:7b:3a:9a:79:1c:01:af:71:75

Digest Algorithm

sha256

PE Digest Matches

false

b5:8c:44:89:94:47:c3:bc:a6:08:5b:eb:ef:83:37:80:2e:45:ef:52:2a:13:b0:7b:3a:9a:79:1c:01:af:71:75
Signer

Actual PE Digest

b5:8c:44:89:94:47:c3:bc:a6:08:5b:eb:ef:83:37:80:2e:45:ef:52:2a:13:b0:7b:3a:9a:79:1c:01:af:71:75

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 187KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 41KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 255KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: freehack

Password: freehack

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 66KB - Virtual size: 66KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 2KB - Virtual size: 5KB

�.rsrc Size: 384KB - Virtual size: 310KB

@.reloc Size: 1.2MB - Virtual size: 1.2MB

Password: freehack

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 66KB - Virtual size: 66KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

Password: freehack

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cdCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

15:e2:29:fe:14:35:70:74:b6:6a:98:f8:0b:49:59:7cCertificate

b5:8c:44:89:94:47:c3:bc:a6:08:5b:eb:ef:83:37:80:2e:45:ef:52:2a:13:b0:7b:3a:9a:79:1c:01:af:71:75Signer

b5:8c:44:89:94:47:c3:bc:a6:08:5b:eb:ef:83:37:80:2e:45:ef:52:2a:13:b0:7b:3a:9a:79:1c:01:af:71:75Signer

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 187KB - Virtual size: 192KB

Size: 41KB - Virtual size: 351KB

Size: 15B - Virtual size: 12B

.imports Size: 1024B - Virtual size: 8KB

.rsrc Size: 255KB - Virtual size: 255KB

.themida Size: - Virtual size: 6.4MB

.boot Size: 4.5MB - Virtual size: 4.5MB

.taggant Size: 8KB - Virtual size: 9KB

.text
Size: 66KB - Virtual size: 66KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 2KB - Virtual size: 5KB

�.rsrc
Size: 384KB - Virtual size: 310KB

@.reloc
Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 66KB - Virtual size: 66KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

15:e2:29:fe:14:35:70:74:b6:6a:98:f8:0b:49:59:7c
Certificate

b5:8c:44:89:94:47:c3:bc:a6:08:5b:eb:ef:83:37:80:2e:45:ef:52:2a:13:b0:7b:3a:9a:79:1c:01:af:71:75
Signer

b5:8c:44:89:94:47:c3:bc:a6:08:5b:eb:ef:83:37:80:2e:45:ef:52:2a:13:b0:7b:3a:9a:79:1c:01:af:71:75
Signer

.text
Size: 187KB - Virtual size: 192KB

.imports
Size: 1024B - Virtual size: 8KB

.rsrc
Size: 255KB - Virtual size: 255KB

.themida
Size: - Virtual size: 6.4MB

.boot
Size: 4.5MB - Virtual size: 4.5MB

.taggant
Size: 8KB - Virtual size: 9KB