5RH79kJAck[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

5RH79kJAck.exe
Size

9.4MB
MD5

110c2f02be7113f4e23757fd44c1037a
SHA1

bdda2ebc35f0050705549ca4093b0b1501621389
SHA256

43286f5e6373633c9b82b9ec604efdc8d82a45cf00c5e8f6c99c52deafc283f2
SHA512

41cc59f22ace911314c0ba4e3e77a1a9883d39c83e9a34b65c1c9aa54c18ba8c0f90c0b01c5617bc7b5fb89fb6d54adcb424d88aacfee3ca287f7814012d31d6
SSDEEP

196608:K2jpvNC14u6+6zsPPfAiH9d0cWc2xw91z8TyHsKQL7qrRhqHtVqCuAYi:VjpvNC1O+44fA00cqknHsdL7qrHqNVq0

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

5RH79kJAck.exe
.exe windows:6 windows x64 arch:x64

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:a1:64:d8:96:51:c2:2b:06:db:56:79:aa:09:d2:7f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

04/04/2023, 00:00

Not After

03/04/2026, 23:59

Subject

CN=Manthe Industries\, LLC,O=Manthe Industries\, LLC,L=Green Bay,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

40:37:1f:c7:b1:52:75:58:30:95:96:69:e4:a9:9d:2f:c6:be:e8:0f
Signer

Actual PE Digest

40:37:1f:c7:b1:52:75:58:30:95:96:69:e4:a9:9d:2f:c6:be:e8:0f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 1.4MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 338KB - Virtual size: 982KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 136KB - Virtual size: 489KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 117KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 43KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 10.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

02:a1:64:d8:96:51:c2:2b:06:db:56:79:aa:09:d2:7fCertificate

Extended Key Usages

Key Usages

40:37:1f:c7:b1:52:75:58:30:95:96:69:e4:a9:9d:2f:c6:be:e8:0fSigner

Headers

DLL Characteristics

File Characteristics

Sections

Size: 1.4MB - Virtual size: 3.6MB

Size: 338KB - Virtual size: 982KB

Size: 136KB - Virtual size: 489KB

Size: 117KB - Virtual size: 219KB

Size: 512B - Virtual size: 348B

Size: 43KB - Virtual size: 54KB

Size: 8KB - Virtual size: 36KB

.idata Size: 1KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 7KB - Virtual size: 7KB

.themida Size: - Virtual size: 10.4MB

.boot Size: 7.3MB - Virtual size: 7.3MB

.reloc Size: 16B - Virtual size: 4KB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:a1:64:d8:96:51:c2:2b:06:db:56:79:aa:09:d2:7f
Certificate

40:37:1f:c7:b1:52:75:58:30:95:96:69:e4:a9:9d:2f:c6:be:e8:0f
Signer

.idata
Size: 1KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 7KB - Virtual size: 7KB

.themida
Size: - Virtual size: 10.4MB

.boot
Size: 7.3MB - Virtual size: 7.3MB

.reloc
Size: 16B - Virtual size: 4KB