f9efec24e93faeca1f6b3d17217b4276[.]7z

Resubmissions

04-02-2022 01:08

220204-bhltqaefdn 7

04-02-2022 01:03

220204-behmwsecd8 10

Sharing

Copy URL

Twitter E-mail

General

Target

f9efec24e93faeca1f6b3d17217b4276.7z
Size

1.9MB
MD5

0b179ffa525df617b4cdb1019de6f0e7
SHA1

2db41c43a38864334f8478fbd53c7f08ec53470b
SHA256

f2ea0c82296271e4d6eebb929caabcbe19da67d0ad9d81f46685156869ddaea4
SHA512

378b2c741bd4c04c9e6314f2c32c12d9356811d1e75412ac5507391d5a12e4bf53eed5f549813a76c6ee801bffa479d629876029745621bfcb3c68a9b504c61f
SSDEEP

49152:8DWucfa8m+m79HXbKt4uvWAmaq9LgPt5fPVcTDllImPr9:8rblR2JvpmaYEPXPKTDw+

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
static1/unpack001/f9efec24e93faeca1f6b3d17217b4276	themida

Files

f9efec24e93faeca1f6b3d17217b4276.7z
.7z

Password: infected
f9efec24e93faeca1f6b3d17217b4276
.exe windows x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:85:b7:e1:88:d8:fa:fd:38:a4:3d:48:96:7d:74:88
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13-02-2019 00:00

Not After

13-02-2022 23:59

Subject

CN=Advanced Micro Devices INC.,O=Advanced Micro Devices INC.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:dd:40:de:46:38:b7:58:39:22:52:02:42:3c:78:db:92:f6:ea:70:53:f3:27:dc:fe:ab:b7:34:55:2b:ea:d5
Signer

Actual PE Digest

3d:dd:40:de:46:38:b7:58:39:22:52:02:42:3c:78:db:92:f6:ea:70:53:f3:27:dc:fe:ab:b7:34:55:2b:ea:d5

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Advanced Micro Devices INC.,O=Advanced Micro Devices INC.,L=Santa Clara,ST=California,C=US

19-05-2020 07:21
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 34KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 15KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vm_sec
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

18:85:b7:e1:88:d8:fa:fd:38:a4:3d:48:96:7d:74:88Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

3d:dd:40:de:46:38:b7:58:39:22:52:02:42:3c:78:db:92:f6:ea:70:53:f3:27:dc:fe:ab:b7:34:55:2b:ea:d5Signer

Signature Validations

Verification

19-05-2020 07:21 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

Size: 34KB - Virtual size: 96KB

Size: 15KB - Virtual size: 280KB

Size: 1024B - Virtual size: 12B

.vm_sec Size: 16KB - Virtual size: 16KB

.idata Size: 1024B - Virtual size: 8KB

.rsrc Size: 281KB - Virtual size: 281KB

.themida Size: - Virtual size: 4.3MB

.boot Size: 1.9MB - Virtual size: 1.9MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

18:85:b7:e1:88:d8:fa:fd:38:a4:3d:48:96:7d:74:88
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

3d:dd:40:de:46:38:b7:58:39:22:52:02:42:3c:78:db:92:f6:ea:70:53:f3:27:dc:fe:ab:b7:34:55:2b:ea:d5
Signer

19-05-2020 07:21
Valid: false

.vm_sec
Size: 16KB - Virtual size: 16KB

.idata
Size: 1024B - Virtual size: 8KB

.rsrc
Size: 281KB - Virtual size: 281KB

.themida
Size: - Virtual size: 4.3MB

.boot
Size: 1.9MB - Virtual size: 1.9MB