3c4613128cbdaec360b371a09007f3d6d62cacf46de2816c837cdf050eb5f9d5

Sharing

Copy URL

Twitter E-mail

General

Target

3c4613128cbdaec360b371a09007f3d6d62cacf46de2816c837cdf050eb5f9d5
Size

8.3MB
MD5

556b9453178229e256789b29534d5ed9
SHA1

9eea718c9e10087124ee8d8867dc0e458b4288b2
SHA256

3c4613128cbdaec360b371a09007f3d6d62cacf46de2816c837cdf050eb5f9d5
SHA512

01b7b3d7067db6ba93ae76e8f119566070e799a2032d9aeaa3f535265bed7d6a72c0a03eff201353f86bcc9f03b8aaef1b8e92c22a60d8ee054c81037d2f55de
SSDEEP

196608:JqxjNYaOc2FUrhEXdR3s9RTMjbZ+CF4FDFEjGfcM19CR0uiN0CifcRmn:6xYaOcdhEXdRr1F1j2HCR0uNfgY

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

3c4613128cbdaec360b371a09007f3d6d62cacf46de2816c837cdf050eb5f9d5
.exe windows x64

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:31:c2:f7:1e:6d:25:6b:77:8d:1b:27:7c:c2:8d:01
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18-11-2021 00:00

Not After

17-11-2023 23:59

Subject

SERIALNUMBER=110111-2545155,CN=Smilegate Entertainment\, Inc.,O=Smilegate Entertainment\, Inc.,L=Seongnam-si,ST=Gyeonggi-do,C=KR,1.3.6.1.4.1.311.60.2.1.1=#130b53656f6e676e616d2d7369,1.3.6.1.4.1.311.60.2.1.2=#130b4779656f6e6767692d646f,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:31:c2:f7:1e:6d:25:6b:77:8d:1b:27:7c:c2:8d:01
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18-11-2021 00:00

Not After

17-11-2023 23:59

Subject

SERIALNUMBER=110111-2545155,CN=Smilegate Entertainment\, Inc.,O=Smilegate Entertainment\, Inc.,L=Seongnam-si,ST=Gyeonggi-do,C=KR,1.3.6.1.4.1.311.60.2.1.1=#130b53656f6e676e616d2d7369,1.3.6.1.4.1.311.60.2.1.2=#130b4779656f6e6767692d646f,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

73:49:31:9e:a3:b4:dc:32:d8:d7:43:45:c3:5f:47:c1:3e:18:b5:a5:ae:93:ab:4d:99:fb:a2:3d:23:27:0e:71
Signer

Actual PE Digest

73:49:31:9e:a3:b4:dc:32:d8:d7:43:45:c3:5f:47:c1:3e:18:b5:a5:ae:93:ab:4d:99:fb:a2:3d:23:27:0e:71

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=110111-2545155,CN=Smilegate Entertainment\, Inc.,O=Smilegate Entertainment\, Inc.,L=Seongnam-si,ST=Gyeonggi-do,C=KR,1.3.6.1.4.1.311.60.2.1.1=#130b53656f6e676e616d2d7369,1.3.6.1.4.1.311.60.2.1.2=#130b4779656f6e6767692d646f,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

28-02-2022 12:28
Valid: true

Chain 1

SERIALNUMBER=110111-2545155,CN=Smilegate Entertainment\, Inc.,O=Smilegate Entertainment\, Inc.,L=Seongnam-si,ST=Gyeonggi-do,C=KR,1.3.6.1.4.1.311.60.2.1.1=#130b53656f6e676e616d2d7369,1.3.6.1.4.1.311.60.2.1.2=#130b4779656f6e6767692d646f,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

93:78:47:60:51:9b:f4:e9:79:6b:5d:5a:a7:13:a4:bf:42:92:74:ae
Signer

Actual PE Digest

93:78:47:60:51:9b:f4:e9:79:6b:5d:5a:a7:13:a4:bf:42:92:74:ae

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=110111-2545155,CN=Smilegate Entertainment\, Inc.,O=Smilegate Entertainment\, Inc.,L=Seongnam-si,ST=Gyeonggi-do,C=KR,1.3.6.1.4.1.311.60.2.1.1=#130b53656f6e676e616d2d7369,1.3.6.1.4.1.311.60.2.1.2=#130b4779656f6e6767692d646f,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

28-02-2022 12:28
Valid: true

Chain 1

SERIALNUMBER=110111-2545155,CN=Smilegate Entertainment\, Inc.,O=Smilegate Entertainment\, Inc.,L=Seongnam-si,ST=Gyeonggi-do,C=KR,1.3.6.1.4.1.311.60.2.1.1=#130b53656f6e676e616d2d7369,1.3.6.1.4.1.311.60.2.1.2=#130b4779656f6e6767692d646f,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

??0CFWebArgument@WebView@@QEAA@$$QEAV01@@Z
??0CFWebArgument@WebView@@QEAA@AEBV01@@Z
??0CFWebArgument@WebView@@QEAA@XZ
??0CFWebView@WebView@@QEAA@AEBV01@@Z
??0CFWebView@WebView@@QEAA@XZ
??0CFWebViewCallback@WebView@@QEAA@$$QEAV01@@Z
??0CFWebViewCallback@WebView@@QEAA@AEBV01@@Z
??0CFWebViewCallback@WebView@@QEAA@XZ
??1CFWebView@WebView@@UEAA@XZ
??4CFWebArgument@WebView@@QEAAAEAV01@$$QEAV01@@Z
??4CFWebArgument@WebView@@QEAAAEAV01@AEBV01@@Z
??4CFWebView@WebView@@QEAAAEAV01@AEBV01@@Z
??4CFWebViewCallback@WebView@@QEAAAEAV01@$$QEAV01@@Z
??4CFWebViewCallback@WebView@@QEAAAEAV01@AEBV01@@Z
??_7CFWebArgument@WebView@@6B@
??_7CFWebView@WebView@@6B@
??_7CFWebViewCallback@WebView@@6B@
?GetData@CFWebView@WebView@@QEBA_KXZ
?IsBoolean@CFWebArgument@WebView@@QEBA_NXZ
?IsNumber@CFWebArgument@WebView@@QEBA_NXZ
?IsString@CFWebArgument@WebView@@QEBA_NXZ
?RequestResource@CFWebViewCallback@WebView@@UEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$vector@DV?$allocator@D@std@@@4@@Z
?SetData@CFWebView@WebView@@QEAAX_K@Z
LTGetILTMemory
SetMasterDatabase

Sections

Size: 1.3MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 254KB - Virtual size: 902KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 18KB - Virtual size: 10.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 84KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 455KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 10.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:31:c2:f7:1e:6d:25:6b:77:8d:1b:27:7c:c2:8d:01Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:31:c2:f7:1e:6d:25:6b:77:8d:1b:27:7c:c2:8d:01Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

73:49:31:9e:a3:b4:dc:32:d8:d7:43:45:c3:5f:47:c1:3e:18:b5:a5:ae:93:ab:4d:99:fb:a2:3d:23:27:0e:71Signer

Signature Validations

Verification

28-02-2022 12:28 Valid: true

Chain 1

93:78:47:60:51:9b:f4:e9:79:6b:5d:5a:a7:13:a4:bf:42:92:74:aeSigner

Signature Validations

Verification

28-02-2022 12:28 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 1.3MB - Virtual size: 3.1MB

Size: 254KB - Virtual size: 902KB

Size: 18KB - Virtual size: 10.7MB

Size: 84KB - Virtual size: 150KB

.rsrc Size: 455KB - Virtual size: 455KB

.debug Size: 1KB - Virtual size: 4KB

.edata Size: 1KB - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 10.0MB

.boot Size: 6.2MB - Virtual size: 6.2MB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:31:c2:f7:1e:6d:25:6b:77:8d:1b:27:7c:c2:8d:01
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:31:c2:f7:1e:6d:25:6b:77:8d:1b:27:7c:c2:8d:01
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

73:49:31:9e:a3:b4:dc:32:d8:d7:43:45:c3:5f:47:c1:3e:18:b5:a5:ae:93:ab:4d:99:fb:a2:3d:23:27:0e:71
Signer

28-02-2022 12:28
Valid: true

93:78:47:60:51:9b:f4:e9:79:6b:5d:5a:a7:13:a4:bf:42:92:74:ae
Signer

28-02-2022 12:28
Valid: true

.rsrc
Size: 455KB - Virtual size: 455KB

.debug
Size: 1KB - Virtual size: 4KB

.edata
Size: 1KB - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 10.0MB

.boot
Size: 6.2MB - Virtual size: 6.2MB