2aba51a94cffeab90191cc734940b87a06bcf84611d666dd80671c1ea0b9fbf5

Sharing

Copy URL

Twitter E-mail

General

Target

2aba51a94cffeab90191cc734940b87a06bcf84611d666dd80671c1ea0b9fbf5
Size

3.4MB
MD5

bde658028be8d6983c7212e1f550be81
SHA1

0be7bb34651d1226cd2030ef495316536540668e
SHA256

2aba51a94cffeab90191cc734940b87a06bcf84611d666dd80671c1ea0b9fbf5
SHA512

836af2244eda3ee6922c091604a24c89f42499a7cb1cf9194a0ab73b01232132abc4a616a326fdab2548cb614a65ea539d49f43d083dee54848f54181150b855
SSDEEP

24576:XOLIdRp4YlqJDWvXa5yu5/Bc5+D/k8Osdn78jHNjoUznYRbDwYEvzv5HO/TP13Hf:XoykDcuNBzDk8u+rx25WOYM2gwW2z7

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

2aba51a94cffeab90191cc734940b87a06bcf84611d666dd80671c1ea0b9fbf5
.exe windows x86

Code Sign

2d:c9:b4:16:50:4e:14:bd:40:b0:4c:a3:5b:46:62:e7
Certificate

Issuer

CN=Jbl Słuchawki nauszne JBL LIVE 900 Biały

Not Before

27-06-2022 13:49

Not After

28-06-2032 13:49

Subject

CN=Jbl Słuchawki nauszne JBL LIVE 900 Biały

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ac:f3:18:b1:45:ca:e0:cf:44:46:4c:cf:73:c9:f0:71:f9:f6:23:d7:66:19:e8:5a:04:f4:9a:b6:ba:d8:91:7e
Signer

Actual PE Digest

ac:f3:18:b1:45:ca:e0:cf:44:46:4c:cf:73:c9:f0:71:f9:f6:23:d7:66:19:e8:5a:04:f4:9a:b6:ba:d8:91:7e

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Jbl Słuchawki nauszne JBL LIVE 900 Biały

30-06-2022 15:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 587KB - Virtual size: 587KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 9KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 270KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

2d:c9:b4:16:50:4e:14:bd:40:b0:4c:a3:5b:46:62:e7Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

ac:f3:18:b1:45:ca:e0:cf:44:46:4c:cf:73:c9:f0:71:f9:f6:23:d7:66:19:e8:5a:04:f4:9a:b6:ba:d8:91:7eSigner

Signature Validations

Verification

30-06-2022 15:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

CODE Size: 587KB - Virtual size: 587KB

DATA Size: 7KB - Virtual size: 7KB

BSS Size: - Virtual size: 9KB

.idata Size: 9KB - Virtual size: 9KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 41KB - Virtual size: 40KB

.rsrc Size: 270KB - Virtual size: 269KB

.idata Size: 1024B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.themida Size: 2.5MB - Virtual size: 2.5MB

.reloc Size: 16B - Virtual size: 4KB

2d:c9:b4:16:50:4e:14:bd:40:b0:4c:a3:5b:46:62:e7
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

ac:f3:18:b1:45:ca:e0:cf:44:46:4c:cf:73:c9:f0:71:f9:f6:23:d7:66:19:e8:5a:04:f4:9a:b6:ba:d8:91:7e
Signer

30-06-2022 15:34
Valid: false

CODE
Size: 587KB - Virtual size: 587KB

DATA
Size: 7KB - Virtual size: 7KB

BSS
Size: - Virtual size: 9KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 41KB - Virtual size: 40KB

.rsrc
Size: 270KB - Virtual size: 269KB

.idata
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.themida
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 16B - Virtual size: 4KB