redline | S0larhjw[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

S0larhjw.rar
Size

5.2MB
MD5

7c2a521c316b20e44c4fb80235875eed
SHA1

5989bda19da4e9b00d7132d085fe1060c3a8dbe5
SHA256

ae676070fe18113b79a26908b72cab9cdf66181c263bfd0f122bddb35f21f7c8
SHA512

59cb21049ea7ec2dd0121ce6156aee4b7ceca64aaf13b71e6341d881e1b9b8defaf37f290f560d89c6d67d4780c8fbe70ffb701276db5c6e7c21e618fa23f41c
SSDEEP

98304:9lCp+jpwDTf5qsY4jRkNn8A4EDy+5swQp6sRuAMcNNjKVRLxV7mee+LXQ9UtN1kA:nC1DTBq/gon40y+/Qub8NIQ9Ubdp

Score

10^/10

themida redline

Malware Config

Signatures

Redline family
redline

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/SOLarVA.exe	themida

Files

S0larhjw.rar
.rar

Password: 6868
SOLarVA.exe
.exe windows:4 windows x86 arch:x86

Password: 6868

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:46

Not After

11/05/2023, 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:e2:29:fe:14:35:70:74:b6:6a:98:f8:0b:49:59:7c
Certificate

Issuer

CN=C2RService,O=C2RService,L=Redmond,ST=Washington,C=US

Not Before

17/02/2017, 00:12

Not After

31/12/2039, 23:59

Subject

CN=C2RService,O=C2RService,L=Redmond,ST=Washington,C=US

30:4d:ef:7c:66:ec:0c:e6:0a:f5:9a:0c:b0:e8:1b:b5:15:fc:1f:a0:b8:17:ab:57:f3:a3:2e:0f:76:c7:ce:d9
Signer

Actual PE Digest

30:4d:ef:7c:66:ec:0c:e6:0a:f5:9a:0c:b0:e8:1b:b5:15:fc:1f:a0:b8:17:ab:57:f3:a3:2e:0f:76:c7:ce:d9

Digest Algorithm

sha256

PE Digest Matches

false

30:4d:ef:7c:66:ec:0c:e6:0a:f5:9a:0c:b0:e8:1b:b5:15:fc:1f:a0:b8:17:ab:57:f3:a3:2e:0f:76:c7:ce:d9
Signer

Actual PE Digest

30:4d:ef:7c:66:ec:0c:e6:0a:f5:9a:0c:b0:e8:1b:b5:15:fc:1f:a0:b8:17:ab:57:f3:a3:2e:0f:76:c7:ce:d9

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 187KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 21KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
libEGL.dll.ini
locales/cef_100_percent.pak
.js
locales/cef_200_percent.pak
.js

Sharing

General

Malware Config

Signatures

Files

Password: 6868

Password: 6868

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cdCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

15:e2:29:fe:14:35:70:74:b6:6a:98:f8:0b:49:59:7cCertificate

30:4d:ef:7c:66:ec:0c:e6:0a:f5:9a:0c:b0:e8:1b:b5:15:fc:1f:a0:b8:17:ab:57:f3:a3:2e:0f:76:c7:ce:d9Signer

30:4d:ef:7c:66:ec:0c:e6:0a:f5:9a:0c:b0:e8:1b:b5:15:fc:1f:a0:b8:17:ab:57:f3:a3:2e:0f:76:c7:ce:d9Signer

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 187KB - Virtual size: 192KB

Size: 21KB - Virtual size: 108KB

Size: 15B - Virtual size: 12B

.imports Size: 1024B - Virtual size: 8KB

.rsrc Size: 13KB - Virtual size: 13KB

.themida Size: - Virtual size: 6.2MB

.boot Size: 4.4MB - Virtual size: 4.4MB

.taggant Size: 8KB - Virtual size: 9KB

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

15:e2:29:fe:14:35:70:74:b6:6a:98:f8:0b:49:59:7c
Certificate

30:4d:ef:7c:66:ec:0c:e6:0a:f5:9a:0c:b0:e8:1b:b5:15:fc:1f:a0:b8:17:ab:57:f3:a3:2e:0f:76:c7:ce:d9
Signer

30:4d:ef:7c:66:ec:0c:e6:0a:f5:9a:0c:b0:e8:1b:b5:15:fc:1f:a0:b8:17:ab:57:f3:a3:2e:0f:76:c7:ce:d9
Signer

.text
Size: 187KB - Virtual size: 192KB

.imports
Size: 1024B - Virtual size: 8KB

.rsrc
Size: 13KB - Virtual size: 13KB

.themida
Size: - Virtual size: 6.2MB

.boot
Size: 4.4MB - Virtual size: 4.4MB

.taggant
Size: 8KB - Virtual size: 9KB