f071d4f172cf4813824423d01d063626551862489fb904b241dfc8f5ecd7df67

Sharing

Copy URL

Twitter E-mail

General

Target

f071d4f172cf4813824423d01d063626551862489fb904b241dfc8f5ecd7df67
Size

8.1MB
MD5

ada9c6c201d6732e378d53f03502962e
SHA1

81d4450cb18054a87fea2f5d266cd71f33c8f013
SHA256

f071d4f172cf4813824423d01d063626551862489fb904b241dfc8f5ecd7df67
SHA512

160ec65f272d322c28267cea0cc559df0fe4a9df8ea41b9841cb0123219e5545103cf1267ff92e75502145ba7888331fcdb247296618133811d26b24daf96845
SSDEEP

196608:6exG4/wJZfrj+eRLE2x4vhegpOc4bGKT+QQDWOLFZN:6ex4JZf1RLE2x4w2WpCQyLFn

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

f071d4f172cf4813824423d01d063626551862489fb904b241dfc8f5ecd7df67
.exe windows x64

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ba:86:ab:56:10:7e:6c:e3:27:15:aa:11:9b:fd:97
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31-03-2020 00:00

Not After

28-07-2022 12:00

Subject

SERIALNUMBER=559077-6752,CN=Int3 Software AB,O=Int3 Software AB,L=Gothenburg,C=SE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025345

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:27:2c:0e:c0:54:83:c8:03:bf:1c:15:bc:1f:3c:80
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-04-2020 00:00

Not After

28-07-2022 12:00

Subject

SERIALNUMBER=559077-6752,CN=Int3 Software AB,O=Int3 Software AB,L=Gothenburg,C=SE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025345

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:d8:8a:aa:89:10:4f:68:eb:45:7c:c0:7d:da:f0:a0:77:18:e8:4f:ad:8f:3b:63:9d:32:ee:b1:eb:ee:f0:61
Signer

Actual PE Digest

35:d8:8a:aa:89:10:4f:68:eb:45:7c:c0:7d:da:f0:a0:77:18:e8:4f:ad:8f:3b:63:9d:32:ee:b1:eb:ee:f0:61

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=559077-6752,CN=Int3 Software AB,O=Int3 Software AB,L=Gothenburg,C=SE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025345

24-11-2021 15:23
Valid: true

Chain 1

SERIALNUMBER=559077-6752,CN=Int3 Software AB,O=Int3 Software AB,L=Gothenburg,C=SE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025345

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

69:bb:52:b8:89:d1:3f:db:19:10:bc:2c:19:10:8c:a4:d5:b7:ab:1d
Signer

Actual PE Digest

69:bb:52:b8:89:d1:3f:db:19:10:bc:2c:19:10:8c:a4:d5:b7:ab:1d

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=559077-6752,CN=Int3 Software AB,O=Int3 Software AB,L=Gothenburg,C=SE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025345

24-11-2021 15:23
Valid: true

Chain 1

SERIALNUMBER=559077-6752,CN=Int3 Software AB,O=Int3 Software AB,L=Gothenburg,C=SE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025345

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 1.5MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 2.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 22KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 72KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 9KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

01:ba:86:ab:56:10:7e:6c:e3:27:15:aa:11:9b:fd:97Certificate

Extended Key Usages

Key Usages

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate

Extended Key Usages

Key Usages

07:27:2c:0e:c0:54:83:c8:03:bf:1c:15:bc:1f:3c:80Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

35:d8:8a:aa:89:10:4f:68:eb:45:7c:c0:7d:da:f0:a0:77:18:e8:4f:ad:8f:3b:63:9d:32:ee:b1:eb:ee:f0:61Signer

Signature Validations

Verification

24-11-2021 15:23 Valid: true

Chain 1

69:bb:52:b8:89:d1:3f:db:19:10:bc:2c:19:10:8c:a4:d5:b7:ab:1dSigner

Signature Validations

Verification

24-11-2021 15:23 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Sections

Size: 1.5MB - Virtual size: 3.1MB

Size: 2.0MB - Virtual size: 3.0MB

Size: 22KB - Virtual size: 138KB

Size: 72KB - Virtual size: 125KB

Size: 512B - Virtual size: 244B

Size: 3KB - Virtual size: 60KB

Size: 9KB - Virtual size: 32KB

.idata Size: 1KB - Virtual size: 4KB

.tls Size: 5KB - Virtual size: 8KB

.rsrc Size: 60KB - Virtual size: 60KB

.themida Size: - Virtual size: 7.6MB

.boot Size: 4.3MB - Virtual size: 4.3MB

.reloc Size: 16B - Virtual size: 4KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

01:ba:86:ab:56:10:7e:6c:e3:27:15:aa:11:9b:fd:97
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

07:27:2c:0e:c0:54:83:c8:03:bf:1c:15:bc:1f:3c:80
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

35:d8:8a:aa:89:10:4f:68:eb:45:7c:c0:7d:da:f0:a0:77:18:e8:4f:ad:8f:3b:63:9d:32:ee:b1:eb:ee:f0:61
Signer

24-11-2021 15:23
Valid: true

69:bb:52:b8:89:d1:3f:db:19:10:bc:2c:19:10:8c:a4:d5:b7:ab:1d
Signer

24-11-2021 15:23
Valid: true

.idata
Size: 1KB - Virtual size: 4KB

.tls
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 60KB - Virtual size: 60KB

.themida
Size: - Virtual size: 7.6MB

.boot
Size: 4.3MB - Virtual size: 4.3MB

.reloc
Size: 16B - Virtual size: 4KB