redline | Launcher_x64[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Launcher_x64.rar
Size

5.8MB
MD5

8a686b1ed3cc74823273c86cce5568c2
SHA1

4fce5224bb02d8641bb0a720229a6fa117d33b1f
SHA256

d667e812c0b3aa0f0bfa17f9326334fdae13e3d0b14af11abf64e1a0d96957d2
SHA512

07965903238f20235096c2bd31074b316f698775e553e57f891de9a0c18964abbb5bf9d443336020b5e4c279109b4e925eae7e2deb6d598bfcb967acfaf18028
SSDEEP

98304:ZiDtWcd4jANItNYkFJp6WMbGw1pS9EE6dgcGWDZFmuIsjIbaJcC+DGbftvfhoj8:UtWcd2AqtNY2Jp6WeGw6mE6dgcGWnjjX

Score

10^/10

themida redline

Malware Config

Signatures

Redline family
redline

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/injector.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d3db.dll

Files

Launcher_x64.rar
.rar

Password: 1234
Cfg/libEGL.dll
Cfg/libGLESv2.dll
READ ME.dll
d3db.dll
.dll windows:6 windows x64 arch:x64

Password: 1234

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
injector.exe
.exe windows:4 windows x86 arch:x86

Password: 1234

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:46

Not After

11-05-2023 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:e2:29:fe:14:35:70:74:b6:6a:98:f8:0b:49:59:7c
Certificate

Issuer

CN=C2RService,O=C2RService,L=Redmond,ST=Washington,C=US

Not Before

17-02-2017 00:12

Not After

31-12-2039 23:59

Subject

CN=C2RService,O=C2RService,L=Redmond,ST=Washington,C=US

6b:17:a5:f8:3f:fe:5e:6d:71:dc:67:85:3a:49:aa:5f:54:4c:a3:85:82:8b:d4:21:76:bc:77:63:cc:35:63:a5
Signer

Actual PE Digest

6b:17:a5:f8:3f:fe:5e:6d:71:dc:67:85:3a:49:aa:5f:54:4c:a3:85:82:8b:d4:21:76:bc:77:63:cc:35:63:a5

Digest Algorithm

sha256

PE Digest Matches

false

6b:17:a5:f8:3f:fe:5e:6d:71:dc:67:85:3a:49:aa:5f:54:4c:a3:85:82:8b:d4:21:76:bc:77:63:cc:35:63:a5
Signer

Actual PE Digest

6b:17:a5:f8:3f:fe:5e:6d:71:dc:67:85:3a:49:aa:5f:54:4c:a3:85:82:8b:d4:21:76:bc:77:63:cc:35:63:a5

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 187KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 41KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 255KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 1234

Password: 1234

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 230KB - Virtual size: 229KB

.rdata Size: 81KB - Virtual size: 81KB

.data Size: 2KB - Virtual size: 17KB

.pdata Size: 15KB - Virtual size: 14KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

Password: 1234

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cdCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

15:e2:29:fe:14:35:70:74:b6:6a:98:f8:0b:49:59:7cCertificate

6b:17:a5:f8:3f:fe:5e:6d:71:dc:67:85:3a:49:aa:5f:54:4c:a3:85:82:8b:d4:21:76:bc:77:63:cc:35:63:a5Signer

6b:17:a5:f8:3f:fe:5e:6d:71:dc:67:85:3a:49:aa:5f:54:4c:a3:85:82:8b:d4:21:76:bc:77:63:cc:35:63:a5Signer

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 187KB - Virtual size: 192KB

Size: 41KB - Virtual size: 351KB

Size: 15B - Virtual size: 12B

.imports Size: 1024B - Virtual size: 8KB

.rsrc Size: 255KB - Virtual size: 255KB

.themida Size: - Virtual size: 6.2MB

.boot Size: 4.4MB - Virtual size: 4.4MB

.taggant Size: 8KB - Virtual size: 9KB

.text
Size: 230KB - Virtual size: 229KB

.rdata
Size: 81KB - Virtual size: 81KB

.data
Size: 2KB - Virtual size: 17KB

.pdata
Size: 15KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

15:e2:29:fe:14:35:70:74:b6:6a:98:f8:0b:49:59:7c
Certificate

6b:17:a5:f8:3f:fe:5e:6d:71:dc:67:85:3a:49:aa:5f:54:4c:a3:85:82:8b:d4:21:76:bc:77:63:cc:35:63:a5
Signer

6b:17:a5:f8:3f:fe:5e:6d:71:dc:67:85:3a:49:aa:5f:54:4c:a3:85:82:8b:d4:21:76:bc:77:63:cc:35:63:a5
Signer

.text
Size: 187KB - Virtual size: 192KB

.imports
Size: 1024B - Virtual size: 8KB

.rsrc
Size: 255KB - Virtual size: 255KB

.themida
Size: - Virtual size: 6.2MB

.boot
Size: 4.4MB - Virtual size: 4.4MB

.taggant
Size: 8KB - Virtual size: 9KB