842747a1f0e277fcb3018c69425e666e3124ded094dbf492b9c19008fbfd37af

Sharing

Copy URL

Twitter E-mail

General

Target

842747a1f0e277fcb3018c69425e666e3124ded094dbf492b9c19008fbfd37af
Size

2.7MB
MD5

a1fbef6bdf66dc84739ff4775c81a915
SHA1

8b711a4a22c7afcc6140e63ce63a779d6ac4af49
SHA256

842747a1f0e277fcb3018c69425e666e3124ded094dbf492b9c19008fbfd37af
SHA512

e6b072e3f93331311cb61152ff0bbe819b63353c2dab2ee045d3d3d745be639a3161463fc7b5e38c5df20bd5daa34e6deaf2ea3dc65a264599fab705bcb3cf64
SSDEEP

49152:io5pvfbg6t+VIQK5qO/UIHsHud38vg20otszJcH08ilm6szHthsjJdXY+QNWYYOW:DZfk0qwUksHud38vWhJcULFGsjJCW/

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

842747a1f0e277fcb3018c69425e666e3124ded094dbf492b9c19008fbfd37af
.exe windows x86

Code Sign

27:ee:a1:9e:74:35:92:82:47:fb:22:cd:37:78:c6:41
Certificate

Issuer

CN=Lenovo IdeaCentre 3 27IMB05 F0EY00G8UA

Not Before

30-10-2021 11:20

Not After

31-10-2031 11:20

Subject

CN=Lenovo IdeaCentre 3 27IMB05 F0EY00G8UA

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

97:e7:b2:6c:a5:5b:fc:64:15:c0:df:ca:37:bd:46:74:9c:95:25:88:b8:61:01:aa:5b:cb:39:9b:76:1a:c8:5f
Signer

Actual PE Digest

97:e7:b2:6c:a5:5b:fc:64:15:c0:df:ca:37:bd:46:74:9c:95:25:88:b8:61:01:aa:5b:cb:39:9b:76:1a:c8:5f

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Lenovo IdeaCentre 3 27IMB05 F0EY00G8UA

14-02-2022 17:36
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 101KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 65KB - Virtual size: 339KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

r Q*jr%L
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

r Q*jr%L
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 379KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

27:ee:a1:9e:74:35:92:82:47:fb:22:cd:37:78:c6:41Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

97:e7:b2:6c:a5:5b:fc:64:15:c0:df:ca:37:bd:46:74:9c:95:25:88:b8:61:01:aa:5b:cb:39:9b:76:1a:c8:5fSigner

Signature Validations

Verification

14-02-2022 17:36 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

Size: 101KB - Virtual size: 200KB

Size: 65KB - Virtual size: 339KB

Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

r Q*jr%L Size: 2KB - Virtual size: 8KB

.themida Size: - Virtual size: 3.9MB

.boot Size: 2.2MB - Virtual size: 2.2MB

r Q*jr%L Size: 3KB - Virtual size: 3KB

.rsrc Size: 379KB - Virtual size: 378KB

27:ee:a1:9e:74:35:92:82:47:fb:22:cd:37:78:c6:41
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

97:e7:b2:6c:a5:5b:fc:64:15:c0:df:ca:37:bd:46:74:9c:95:25:88:b8:61:01:aa:5b:cb:39:9b:76:1a:c8:5f
Signer

14-02-2022 17:36
Valid: false

.idata
Size: 512B - Virtual size: 8KB

r Q*jr%L
Size: 2KB - Virtual size: 8KB

.themida
Size: - Virtual size: 3.9MB

.boot
Size: 2.2MB - Virtual size: 2.2MB

r Q*jr%L
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 379KB - Virtual size: 378KB