9239b0cca0cf179a768ee5ac96860967788cd1d1e2a26f905d67f87cb81f4bc4

Sharing

Copy URL

Twitter E-mail

General

Target

9239b0cca0cf179a768ee5ac96860967788cd1d1e2a26f905d67f87cb81f4bc4
Size

7.9MB
MD5

90c3ee4a646f3d0ede054bdbffaf99dd
SHA1

81e5416cd1a292092a7fa8a022ac7941bf039714
SHA256

9239b0cca0cf179a768ee5ac96860967788cd1d1e2a26f905d67f87cb81f4bc4
SHA512

b3ef81431e854e71c7c4ede29f6b0ceb867b43c864abff10faabc80db12acdd4c627bfe93c4f7d4448c5bcb434dd5937a9b9e579a31900e3480777a7a4f69ffb
SSDEEP

196608:7XrLAmpcmHzvYo2druV7AWy5GOgl/XHE7O7p7p1zdGAph2B:77k6bHDR2drgNCXA/XGO7p9nhg

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

9239b0cca0cf179a768ee5ac96860967788cd1d1e2a26f905d67f87cb81f4bc4
.exe windows x86

Code Sign

01:02:3e:45:d7:81:23:52:59:d5:93:0c:2d:3f:fd:c3
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

28-01-2021 00:00

Not After

25-11-2022 23:59

Subject

CN=Movegames Co.\,Ltd.,O=Movegames Co.\,Ltd.,L=Mapo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:06:71:24:2b:4d:fb:60:8f:3d:57:af:4d:f6:9f:00:8e:3a:b6:84:ab:f8:8b:cf:c6:94:1c:9b:2b:21:cd:88
Signer

Actual PE Digest

57:06:71:24:2b:4d:fb:60:8f:3d:57:af:4d:f6:9f:00:8e:3a:b6:84:ab:f8:8b:cf:c6:94:1c:9b:2b:21:cd:88

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Movegames Co.\,Ltd.,O=Movegames Co.\,Ltd.,L=Mapo-gu,ST=Seoul,C=KR

06-12-2021 07:41
Valid: true

Chain 1

CN=Movegames Co.\,Ltd.,O=Movegames Co.\,Ltd.,L=Mapo-gu,ST=Seoul,C=KR

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 4.0MB - Virtual size: 10.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 584KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 23KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 264KB - Virtual size: 459KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

01:02:3e:45:d7:81:23:52:59:d5:93:0c:2d:3f:fd:c3Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

57:06:71:24:2b:4d:fb:60:8f:3d:57:af:4d:f6:9f:00:8e:3a:b6:84:ab:f8:8b:cf:c6:94:1c:9b:2b:21:cd:88Signer

Signature Validations

Verification

06-12-2021 07:41 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Sections

Size: 4.0MB - Virtual size: 10.1MB

Size: 584KB - Virtual size: 1.7MB

Size: 23KB - Virtual size: 252KB

Size: 512B - Virtual size: 100B

Size: 512B - Virtual size: 9B

Size: 9KB - Virtual size: 25KB

Size: 264KB - Virtual size: 459KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.themida Size: - Virtual size: 5.1MB

.boot Size: 3.1MB - Virtual size: 3.1MB

.reloc Size: 16B - Virtual size: 4KB

01:02:3e:45:d7:81:23:52:59:d5:93:0c:2d:3f:fd:c3
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

57:06:71:24:2b:4d:fb:60:8f:3d:57:af:4d:f6:9f:00:8e:3a:b6:84:ab:f8:8b:cf:c6:94:1c:9b:2b:21:cd:88
Signer

06-12-2021 07:41
Valid: true

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.themida
Size: - Virtual size: 5.1MB

.boot
Size: 3.1MB - Virtual size: 3.1MB

.reloc
Size: 16B - Virtual size: 4KB