b388723551a4f3255525c6a50b48e58b02b132a8

Sharing

Copy URL

Twitter E-mail

General

Target

b388723551a4f3255525c6a50b48e58b02b132a8
Size

6.7MB
MD5

8abb9a077c2e55cce483f9b80f002236
SHA1

b388723551a4f3255525c6a50b48e58b02b132a8
SHA256

0f5f827620e6ecae9b58643c77b73f3bb4ba9d2acfd13671cde6676053fa1b0b
SHA512

85563bf040dd27a094aefeb52018dad5f29559cb724875c67e54342af17ac3200fcec399989daa9d8fd6fe31e80f894cb2b31ac64b3d28a1456be235d273f948
SSDEEP

98304:bCMdrWnjpZgTbqUXXTxTN/0dkpVWKUXRb8T+EGbDMt2LK+zgCRR+insPi0R4J2y5:XdWpZqzTk2WKUBbzF3XLT0csax+fcjj

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

b388723551a4f3255525c6a50b48e58b02b132a8
.exe windows x86

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:79:95:b0:e7:0a:59:f8:23:4f:55:34:1d:80:b5:1e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

08-03-2021 00:00

Not After

04-06-2024 23:59

Subject

CN=GlassWire,O=GlassWire,L=AUSTIN,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

86:db:68:c0:7f:25:de:75:fa:4a:dc:54:01:35:39:4e:cb:02:56:5e:40:6e:81:93:94:d2:e6:d3:90:f2:bc:8a
Signer

Actual PE Digest

86:db:68:c0:7f:25:de:75:fa:4a:dc:54:01:35:39:4e:cb:02:56:5e:40:6e:81:93:94:d2:e6:d3:90:f2:bc:8a

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=GlassWire,O=GlassWire,L=AUSTIN,ST=Texas,C=US

29-07-2021 12:18
Valid: true

Chain 1

CN=GlassWire,O=GlassWire,L=AUSTIN,ST=Texas,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??_FEventLog@glasswire@@QAEXXZ
?dfunc@EventLog@glasswire@@AAEPAVEventLogPrivate@2@XZ
?dfunc@EventLog@glasswire@@ABEPBVEventLogPrivate@2@XZ

Sections

Size: 3.0MB - Virtual size: 10.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 694KB - Virtual size: 5.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 55KB - Virtual size: 406KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 194KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

03:79:95:b0:e7:0a:59:f8:23:4f:55:34:1d:80:b5:1eCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

86:db:68:c0:7f:25:de:75:fa:4a:dc:54:01:35:39:4e:cb:02:56:5e:40:6e:81:93:94:d2:e6:d3:90:f2:bc:8aSigner

Signature Validations

Verification

29-07-2021 12:18 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 3.0MB - Virtual size: 10.3MB

Size: 694KB - Virtual size: 5.2MB

Size: 55KB - Virtual size: 406KB

Size: 1024B - Virtual size: 1KB

Size: 194KB - Virtual size: 393KB

.debug Size: 1KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.themida Size: - Virtual size: 4.7MB

.boot Size: 2.7MB - Virtual size: 2.7MB

.reloc Size: 16B - Virtual size: 4KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

03:79:95:b0:e7:0a:59:f8:23:4f:55:34:1d:80:b5:1e
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

86:db:68:c0:7f:25:de:75:fa:4a:dc:54:01:35:39:4e:cb:02:56:5e:40:6e:81:93:94:d2:e6:d3:90:f2:bc:8a
Signer

29-07-2021 12:18
Valid: true

.debug
Size: 1KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.themida
Size: - Virtual size: 4.7MB

.boot
Size: 2.7MB - Virtual size: 2.7MB

.reloc
Size: 16B - Virtual size: 4KB