08167401255c540fed1d03109911cc841a05324958233cee0a798a0b13fdc877

Sharing

Copy URL

Twitter E-mail

General

Target

08167401255c540fed1d03109911cc841a05324958233cee0a798a0b13fdc877
Size

2.1MB
MD5

9fa5bfb2a6fa702ef279ff02924a2282
SHA1

f9f79b47d6dca30b6ed0cc94636b299923e10eda
SHA256

08167401255c540fed1d03109911cc841a05324958233cee0a798a0b13fdc877
SHA512

d796083383e4bddaf7946fb6a8dceeef515e08bb84580138a962a4190facae39f79bd0564f8f9c21674e694105cdcdbc2af79371db2bc8ed2cd43273f7f0af6c
SSDEEP

49152:dbjJjBx2m/qJD0VIFjFItQTKq4KhcK9a/IrViw4heHDDKjLZ:dhBx2m/+0VwFuiIgr4w4hev8Z

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

08167401255c540fed1d03109911cc841a05324958233cee0a798a0b13fdc877
.exe windows x86

Code Sign

0e:43:ad:f9:a1:82:86:81:9d:5d:83:3e:e2:95:0c:e9:7b:8b:63:8c
Certificate

Issuer

CN=Ascertia Public CA 1,O=Ascertia,C=GB

Not Before

31-03-2020 14:05

Not After

30-04-2020 14:05

Subject

CN=rag0o international,C=UK,1.2.840.113549.1.9.1=#0c0f726167306f40766d616e692e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e6
Certificate

Issuer

CN=Ascertia Root CA 2,O=Ascertia,C=GB

Not Before

21-04-2009 12:15

Not After

14-04-2028 23:59

Subject

CN=Ascertia Public CA 1,O=Ascertia,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

89:6d:45:c8:cd:ec:97:e6:e8:58:5f:e4:60:3d:6b:1f:17:cb:ef:c2:ce:2c:6c:d7:99:cd:9e:da:09:92:88:5a
Signer

Actual PE Digest

89:6d:45:c8:cd:ec:97:e6:e8:58:5f:e4:60:3d:6b:1f:17:cb:ef:c2:ce:2c:6c:d7:99:cd:9e:da:09:92:88:5a

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=rag0o international,C=UK,1.2.840.113549.1.9.1=#0c0f726167306f40766d616e692e636f6d

02-04-2020 12:32
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 61KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 10KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 798B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 361KB - Virtual size: 545KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 764KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.loadcon
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.boot
Size: 774KB - Virtual size: 774KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

0e:43:ad:f9:a1:82:86:81:9d:5d:83:3e:e2:95:0c:e9:7b:8b:63:8cCertificate

Extended Key Usages

Key Usages

e6Certificate

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

89:6d:45:c8:cd:ec:97:e6:e8:58:5f:e4:60:3d:6b:1f:17:cb:ef:c2:ce:2c:6c:d7:99:cd:9e:da:09:92:88:5aSigner

Signature Validations

Verification

02-04-2020 12:32 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

Size: 61KB - Virtual size: 139KB

Size: 10KB - Virtual size: 28KB

Size: 798B - Virtual size: 16KB

Size: 1KB - Virtual size: 1KB

Size: 361KB - Virtual size: 545KB

Size: 5KB - Virtual size: 8KB

Size: 764KB - Virtual size: 2.6MB

.imports Size: 512B - Virtual size: 4KB

.rsrc Size: 167KB - Virtual size: 167KB

.themida Size: - Virtual size: 2.0MB

.loadcon Size: 512B - Virtual size: 4KB

.boot Size: 774KB - Virtual size: 774KB

.reloc Size: 16B - Virtual size: 4KB

0e:43:ad:f9:a1:82:86:81:9d:5d:83:3e:e2:95:0c:e9:7b:8b:63:8c
Certificate

e6
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

89:6d:45:c8:cd:ec:97:e6:e8:58:5f:e4:60:3d:6b:1f:17:cb:ef:c2:ce:2c:6c:d7:99:cd:9e:da:09:92:88:5a
Signer

02-04-2020 12:32
Valid: false

.imports
Size: 512B - Virtual size: 4KB

.rsrc
Size: 167KB - Virtual size: 167KB

.themida
Size: - Virtual size: 2.0MB

.loadcon
Size: 512B - Virtual size: 4KB

.boot
Size: 774KB - Virtual size: 774KB

.reloc
Size: 16B - Virtual size: 4KB