Updater[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Updater.exe
Size

3.1MB
MD5

7261b7341788137e8649905df3af747d
SHA1

f0c675f37cf7004fc020c724a76903ee7d038e56
SHA256

c060325ef9ff61c904036e821b78ef11be7be89a98302b1246d0ea6518e72730
SHA512

c3dd2e3f3d13beb3909f31c0e33f3528ff50e265abb13bf0d37812a450a84b5858d978cb9f94873a38e80b32538e07fbfacecc1d360b3cee73d5f3925c59a188
SSDEEP

49152:9nSJK/9/wUpPVAdq9Bw6t+ZtbeGRBj58m9jOmpmDRZ0SF6WM:iK/9/wU7AuK68/PRBjFR2RW86WM

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

Updater.exe
.exe windows:4 windows x86 arch:x86

Code Sign

59:ae:12:33:e1:80:68:97:43:8d:f0:ee:c7:05:1e:17
Certificate

Issuer

CN=AVG Technologies USA LLC ™‰™‰™‰

Not Before

06/01/2024, 10:14

Not After

07/01/2034, 10:14

Subject

CN=AVG Technologies USA LLC ™‰™‰™‰

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15/01/2024, 00:00

Not After

14/04/2035, 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22/03/2021, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:02:f4:2e:ed:52:bd:33:d7:9a:4c:03:23:0b:b6:e3:2b:67:96:b8:fc:cc:dc:2e:72:46:c4:65:91:f4:4d:7f
Signer

Actual PE Digest

44:02:f4:2e:ed:52:bd:33:d7:9a:4c:03:23:0b:b6:e3:2b:67:96:b8:fc:cc:dc:2e:72:46:c4:65:91:f4:4d:7f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 112B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

59:ae:12:33:e1:80:68:97:43:8d:f0:ee:c7:05:1e:17Certificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89Certificate

Extended Key Usages

Key Usages

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3fCertificate

Extended Key Usages

Key Usages

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68Certificate

Extended Key Usages

Key Usages

44:02:f4:2e:ed:52:bd:33:d7:9a:4c:03:23:0b:b6:e3:2b:67:96:b8:fc:cc:dc:2e:72:46:c4:65:91:f4:4d:7fSigner

Headers

File Characteristics

Sections

Size: 9KB - Virtual size: 17KB

Size: 512B - Virtual size: 40B

Size: 1024B - Virtual size: 1KB

Size: 1KB - Virtual size: 4KB

.bss Size: - Virtual size: 112B

Size: 512B - Virtual size: 1KB

Size: 512B - Virtual size: 24B

Size: 512B - Virtual size: 32B

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.idata Size: 512B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 3.9MB

.boot Size: 1.4MB - Virtual size: 1.4MB

59:ae:12:33:e1:80:68:97:43:8d:f0:ee:c7:05:1e:17
Certificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

44:02:f4:2e:ed:52:bd:33:d7:9a:4c:03:23:0b:b6:e3:2b:67:96:b8:fc:cc:dc:2e:72:46:c4:65:91:f4:4d:7f
Signer

.bss
Size: - Virtual size: 112B

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.idata
Size: 512B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 3.9MB

.boot
Size: 1.4MB - Virtual size: 1.4MB