15d06d1741cc8b5495da9c79c6f630e33060e80c73da9666500f6f0bdf5ff259

Sharing

Copy URL

Twitter E-mail

General

Target

15d06d1741cc8b5495da9c79c6f630e33060e80c73da9666500f6f0bdf5ff259
Size

3.9MB
MD5

095715a96975ef7b9e17d0a39739e0cc
SHA1

aa090944875fb9bd5b1e8b3775592eea5ceeb186
SHA256

15d06d1741cc8b5495da9c79c6f630e33060e80c73da9666500f6f0bdf5ff259
SHA512

ab76c374c995501ef57c4f46602e0df16188ccb6f69bb4c9c84073e48c664000912353a47ed5758c48735c64ca1167f73b02c41d4cfefea9978e3a219c12ce11
SSDEEP

98304:E4qF9pTQkaj59ejBOWzjTCgeH6i9rDKUkd:LqF9pknj59SjPe5Zkd

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

15d06d1741cc8b5495da9c79c6f630e33060e80c73da9666500f6f0bdf5ff259
.exe windows x64

Code Sign

45:4f:68:c4:61:4e:03:90:41:e5:af:85:1c:b9:dc:28
Certificate

Issuer

CN=Logitech Z-906

Not Before

02-12-2021 17:49

Not After

03-12-2031 17:49

Subject

CN=Logitech Z-906

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:54:67:f1:f8:5d:64:bc:9b:f8:71:84:6e:7c:fb:8a:49:33:ab:6c:1b:98:a5:3d:7e:32:d6:f7:1f:7e:d5:6e
Signer

Actual PE Digest

13:54:67:f1:f8:5d:64:bc:9b:f8:71:84:6e:7c:fb:8a:49:33:ab:6c:1b:98:a5:3d:7e:32:d6:f7:1f:7e:d5:6e

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Logitech Z-906

30-06-2022 15:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

_cgo_dummy_export
authorizerTrampoline
callbackTrampoline
commitHookTrampoline
compareTrampoline
doneTrampoline
preUpdateHookTrampoline
rollbackHookTrampoline
stepTrampoline
updateHookTrampoline

Sections

Size: 1.1MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 167KB - Virtual size: 343KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 623KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 400KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 345B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 19KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 673KB - Virtual size: 673KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 24B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

45:4f:68:c4:61:4e:03:90:41:e5:af:85:1c:b9:dc:28Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

13:54:67:f1:f8:5d:64:bc:9b:f8:71:84:6e:7c:fb:8a:49:33:ab:6c:1b:98:a5:3d:7e:32:d6:f7:1f:7e:d5:6eSigner

Signature Validations

Verification

30-06-2022 15:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 1.1MB - Virtual size: 3.2MB

Size: 167KB - Virtual size: 343KB

Size: 623KB - Virtual size: 2.4MB

Size: 8KB - Virtual size: 22KB

Size: 3KB - Virtual size: 24KB

.bss Size: - Virtual size: 400KB

Size: 512B - Virtual size: 345B

Size: 512B - Virtual size: 5KB

Size: 512B - Virtual size: 104B

Size: 512B - Virtual size: 104B

Size: 19KB - Virtual size: 129KB

.rsrc Size: 673KB - Virtual size: 673KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 3.1MB

.boot Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 24B - Virtual size: 4KB

45:4f:68:c4:61:4e:03:90:41:e5:af:85:1c:b9:dc:28
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

13:54:67:f1:f8:5d:64:bc:9b:f8:71:84:6e:7c:fb:8a:49:33:ab:6c:1b:98:a5:3d:7e:32:d6:f7:1f:7e:d5:6e
Signer

30-06-2022 15:34
Valid: false

.bss
Size: - Virtual size: 400KB

.rsrc
Size: 673KB - Virtual size: 673KB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 3.1MB

.boot
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 24B - Virtual size: 4KB