redline | SOLarVA[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SOLarVA.exe
Size

4.7MB
MD5

ddc63bd70b3637c33136be3ad66ed1e1
SHA1

28e5f36693efdd05fc65cef804d4c865c339e939
SHA256

745f38f0dd92b5c696a25a2772a46296c12d2535283ae8237abb4b6dbd976da4
SHA512

0e1cb64749540593042f0cdd7775ac470e61325300a7de8612a9a868fd407940182fb1163cfb6993f8cd3332fca7dcfd8b039dbab5f7a87c0a5354d4c1aa87d0
SSDEEP

98304:wghHWE2yxi5CwaMu/tGvA7MO9P/NK3+x8oncGGT:w8WEflwFu/tGYgOZ/NoO8C

Score

10^/10

themida redline

Malware Config

Signatures

Redline family
redline

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

SOLarVA.exe
.exe windows:4 windows x86 arch:x86

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:46

Not After

11-05-2023 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:e2:29:fe:14:35:70:74:b6:6a:98:f8:0b:49:59:7c
Certificate

Issuer

CN=C2RService,O=C2RService,L=Redmond,ST=Washington,C=US

Not Before

17-02-2017 00:12

Not After

31-12-2039 23:59

Subject

CN=C2RService,O=C2RService,L=Redmond,ST=Washington,C=US

30:4d:ef:7c:66:ec:0c:e6:0a:f5:9a:0c:b0:e8:1b:b5:15:fc:1f:a0:b8:17:ab:57:f3:a3:2e:0f:76:c7:ce:d9
Signer

Actual PE Digest

30:4d:ef:7c:66:ec:0c:e6:0a:f5:9a:0c:b0:e8:1b:b5:15:fc:1f:a0:b8:17:ab:57:f3:a3:2e:0f:76:c7:ce:d9

Digest Algorithm

sha256

PE Digest Matches

false

30:4d:ef:7c:66:ec:0c:e6:0a:f5:9a:0c:b0:e8:1b:b5:15:fc:1f:a0:b8:17:ab:57:f3:a3:2e:0f:76:c7:ce:d9
Signer

Actual PE Digest

30:4d:ef:7c:66:ec:0c:e6:0a:f5:9a:0c:b0:e8:1b:b5:15:fc:1f:a0:b8:17:ab:57:f3:a3:2e:0f:76:c7:ce:d9

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 187KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 21KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cdCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

15:e2:29:fe:14:35:70:74:b6:6a:98:f8:0b:49:59:7cCertificate

30:4d:ef:7c:66:ec:0c:e6:0a:f5:9a:0c:b0:e8:1b:b5:15:fc:1f:a0:b8:17:ab:57:f3:a3:2e:0f:76:c7:ce:d9Signer

30:4d:ef:7c:66:ec:0c:e6:0a:f5:9a:0c:b0:e8:1b:b5:15:fc:1f:a0:b8:17:ab:57:f3:a3:2e:0f:76:c7:ce:d9Signer

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 187KB - Virtual size: 192KB

Size: 21KB - Virtual size: 108KB

Size: 15B - Virtual size: 12B

.imports Size: 1024B - Virtual size: 8KB

.rsrc Size: 13KB - Virtual size: 13KB

.themida Size: - Virtual size: 6.2MB

.boot Size: 4.4MB - Virtual size: 4.4MB

.taggant Size: 8KB - Virtual size: 9KB

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

15:e2:29:fe:14:35:70:74:b6:6a:98:f8:0b:49:59:7c
Certificate

30:4d:ef:7c:66:ec:0c:e6:0a:f5:9a:0c:b0:e8:1b:b5:15:fc:1f:a0:b8:17:ab:57:f3:a3:2e:0f:76:c7:ce:d9
Signer

30:4d:ef:7c:66:ec:0c:e6:0a:f5:9a:0c:b0:e8:1b:b5:15:fc:1f:a0:b8:17:ab:57:f3:a3:2e:0f:76:c7:ce:d9
Signer

.text
Size: 187KB - Virtual size: 192KB

.imports
Size: 1024B - Virtual size: 8KB

.rsrc
Size: 13KB - Virtual size: 13KB

.themida
Size: - Virtual size: 6.2MB

.boot
Size: 4.4MB - Virtual size: 4.4MB

.taggant
Size: 8KB - Virtual size: 9KB