3[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3.exe
Size

9.6MB
MD5

1bc175620b9f5d258168946f239edb2b
SHA1

453ea8cb042cc05bc2e2fda36a31151664381a39
SHA256

7816f5aaff30a1317b65471fa7e4d9e49632a9ac9a9a36f373a720668b6d1328
SHA512

841208a8ec7fce1e8a75c3f8806ce24000c07013482dd3959838bcdbc9d103724d7d7b678522b61401228d7034ae1f25b2b6ee0c7f832b97f4f6fcdd85138a67
SSDEEP

196608:wfAumLxcxjO9QxiKpW5LPt48WeC7Twb5T6tXVOKgUiiIw858:KAudKQtItITUTPri3

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

3.exe
.exe windows:5 windows x86 arch:x86

Code Sign

6a:94:21:70:5a:99:64:b3:c3:2d:6c:a9:f2:78:5f:e2
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

16/05/2022, 14:24

Not After

19/04/2024, 15:49

Subject

SERIALNUMBER=HRB 12582,CN=DigitalWorks UG (haftungsbeschränkt),O=DigitalWorks UG (haftungsbeschränkt),L=Röttenbach,ST=Bayern,C=DE,1.3.6.1.4.1.311.60.2.1.3=#13024445,1.3.6.1.4.1.311.60.2.1.2=#130642617965726e,1.3.6.1.4.1.311.60.2.1.1=#0c0646c3bc727468,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26/03/2019, 17:44

Not After

22/03/2034, 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

19/02/2024, 16:18

Not After

16/02/2034, 16:18

Subject

CN=SSL.com Timestamping Unit 2024 E1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7a:da:8b:07:ca:61:5d:d7:a3:9b:ee:d0:17:e7:90:1b:5a:89:84:77:ca:42:e3:42:22:ed:3f:80:4e:c3:7e:4a
Signer

Actual PE Digest

7a:da:8b:07:ca:61:5d:d7:a3:9b:ee:d0:17:e7:90:1b:5a:89:84:77:ca:42:e3:42:22:ed:3f:80:4e:c3:7e:4a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 486KB - Virtual size: 944KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 536KB - Virtual size: 765KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 17KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 49KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 11.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 8.5MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

6a:94:21:70:5a:99:64:b3:c3:2d:6c:a9:f2:78:5f:e2Certificate

Extended Key Usages

Key Usages

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04Certificate

Extended Key Usages

Key Usages

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7Certificate

Extended Key Usages

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

7a:da:8b:07:ca:61:5d:d7:a3:9b:ee:d0:17:e7:90:1b:5a:89:84:77:ca:42:e3:42:22:ed:3f:80:4e:c3:7e:4aSigner

Headers

DLL Characteristics

File Characteristics

Sections

Size: 486KB - Virtual size: 944KB

Size: 536KB - Virtual size: 765KB

Size: 17KB - Virtual size: 50KB

Size: 512B - Virtual size: 952B

Size: 49KB - Virtual size: 66KB

.idata Size: 1024B - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 4KB

.themida Size: - Virtual size: 11.9MB

.boot Size: 8.5MB - Virtual size: 8.5MB

6a:94:21:70:5a:99:64:b3:c3:2d:6c:a9:f2:78:5f:e2
Certificate

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

7a:da:8b:07:ca:61:5d:d7:a3:9b:ee:d0:17:e7:90:1b:5a:89:84:77:ca:42:e3:42:22:ed:3f:80:4e:c3:7e:4a
Signer

.idata
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB

.themida
Size: - Virtual size: 11.9MB

.boot
Size: 8.5MB - Virtual size: 8.5MB