bootstrap_win[.]exe

Resubmissions

04-09-2024 17:40

240904-v85jasthkj 9

04-09-2024 17:32

240904-v4e3vavhkh 9

04-09-2024 17:24

240904-vyq8xstgjr 9

Sharing

Copy URL

Twitter E-mail

General

Target

bootstrap_win.exe
Size

8.4MB
MD5

94bb92418bf395fa8d5ac86ab036f121
SHA1

2a62229615d627cd225a783079caff4f22f4005a
SHA256

f41d12d5b736a82f4c53e3c3f242560dfd800a24076186399dd695f3b493184b
SHA512

7205e4e6a67f2685669bb2262e6f3c459978e20bf80497714d1b67ede1731b92c0ed067181c703ee8cd43bf9d5780469eda00706f4b96dfc7ba18bbc688f099e
SSDEEP

196608:dDHArnQmQ6ikz8BnfVamqeDR9Loa8S/qErUfN40v62U+MG:tiVQ6inNqeDR9ca7SErUfJy2Uo

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

bootstrap_win.exe
.exe windows:6 windows x86 arch:x86

Password: bbbbbvvv

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:27:41:a9:81:7a:46:0e:73:e6:46:5c:8c:82:8e:be
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

10-11-2022 00:00

Not After

10-11-2023 23:59

Subject

CN=BITWISE YAZILIM INTERNET VE TICARET LIMITED SIRKETI,O=BITWISE YAZILIM INTERNET VE TICARET LIMITED SIRKETI,ST=Kocaeli,C=TR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

05:3c:01:bb:99:51:f6:0b:69:ab:96:6a:a4:c4:11:6d:1f:cd:42:e0:36:d8:c1:e0:5e:0d:78:95:ab:08:d1:d0
Signer

Actual PE Digest

05:3c:01:bb:99:51:f6:0b:69:ab:96:6a:a4:c4:11:6d:1f:cd:42:e0:36:d8:c1:e0:5e:0d:78:95:ab:08:d1:d0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: 1.5MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1.6MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 211KB - Virtual size: 534KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 155KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 23KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: bbbbbvvv

Code Sign

01Certificate

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

03:27:41:a9:81:7a:46:0e:73:e6:46:5c:8c:82:8e:beCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

05:3c:01:bb:99:51:f6:0b:69:ab:96:6a:a4:c4:11:6d:1f:cd:42:e0:36:d8:c1:e0:5e:0d:78:95:ab:08:d1:d0Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 1.5MB - Virtual size: 3.9MB

Size: 1.6MB - Virtual size: 4.1MB

Size: 211KB - Virtual size: 534KB

Size: 512B - Virtual size: 1020B

Size: 155KB - Virtual size: 318KB

Size: 512B - Virtual size: 4B

Size: 23KB - Virtual size: 110KB

.idata Size: 512B - Virtual size: 4KB

.rsrc Size: 111KB - Virtual size: 111KB

.themida Size: - Virtual size: 7.6MB

.boot Size: 4.8MB - Virtual size: 4.8MB

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

03:27:41:a9:81:7a:46:0e:73:e6:46:5c:8c:82:8e:be
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

05:3c:01:bb:99:51:f6:0b:69:ab:96:6a:a4:c4:11:6d:1f:cd:42:e0:36:d8:c1:e0:5e:0d:78:95:ab:08:d1:d0
Signer

.idata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 111KB - Virtual size: 111KB

.themida
Size: - Virtual size: 7.6MB

.boot
Size: 4.8MB - Virtual size: 4.8MB