f2930620f8d2059149b284d2a04990d8cbc6690f

Sharing

Copy URL

Twitter E-mail

General

Target

f2930620f8d2059149b284d2a04990d8cbc6690f
Size

3.6MB
MD5

741f7fd6af800ba69ccc3d4255da8ddd
SHA1

f2930620f8d2059149b284d2a04990d8cbc6690f
SHA256

50d68a1b46f0ff39819073c387dd61d47f45965ebe1cdff323954d94692510e5
SHA512

22a3da0fbc1ae353a80243083977e64eacd47458b984af6ae659444dfdc070ba728be8a4dd7f68f37bcb3ab1b260ea99b4b1492a21d12f0a125319f746b28059
SSDEEP

98304:3dRXdtX3XzpAmGE/Tx5ImYDFkf/WzzAHP2NE77/vGuj:z73NxzTx+6/MAv00Gg

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

f2930620f8d2059149b284d2a04990d8cbc6690f
.dll windows x86

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:79:95:b0:e7:0a:59:f8:23:4f:55:34:1d:80:b5:1e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

08-03-2021 00:00

Not After

04-06-2024 23:59

Subject

CN=GlassWire,O=GlassWire,L=AUSTIN,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a5:02:87:c3:23:cf:07:d8:86:d8:96:50:3f:a4:7c:bf:c3:73:d9:c4:03:86:4f:cb:6c:7f:a8:f2:1f:b0:3b:b4
Signer

Actual PE Digest

a5:02:87:c3:23:cf:07:d8:86:d8:96:50:3f:a4:7c:bf:c3:73:d9:c4:03:86:4f:cb:6c:7f:a8:f2:1f:b0:3b:b4

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=GlassWire,O=GlassWire,L=AUSTIN,ST=Texas,C=US

29-07-2021 12:19
Valid: true

Chain 1

CN=GlassWire,O=GlassWire,L=AUSTIN,ST=Texas,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

CreatePackageMonitor

Sections

Size: 736KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 235KB - Virtual size: 834KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 49KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

03:79:95:b0:e7:0a:59:f8:23:4f:55:34:1d:80:b5:1eCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

a5:02:87:c3:23:cf:07:d8:86:d8:96:50:3f:a4:7c:bf:c3:73:d9:c4:03:86:4f:cb:6c:7f:a8:f2:1f:b0:3b:b4Signer

Signature Validations

Verification

29-07-2021 12:19 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 736KB - Virtual size: 1.8MB

Size: 235KB - Virtual size: 834KB

Size: 4KB - Virtual size: 27KB

Size: 1024B - Virtual size: 1KB

Size: 49KB - Virtual size: 72KB

.debug Size: 1KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.themida Size: - Virtual size: 4.1MB

.boot Size: 2.5MB - Virtual size: 2.5MB

.reloc Size: 16B - Virtual size: 4KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

03:79:95:b0:e7:0a:59:f8:23:4f:55:34:1d:80:b5:1e
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

a5:02:87:c3:23:cf:07:d8:86:d8:96:50:3f:a4:7c:bf:c3:73:d9:c4:03:86:4f:cb:6c:7f:a8:f2:1f:b0:3b:b4
Signer

29-07-2021 12:19
Valid: true

.debug
Size: 1KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.themida
Size: - Virtual size: 4.1MB

.boot
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 16B - Virtual size: 4KB