5bd3d8b3aac3565a9a07fe0b888adc186fd3afab24b8f5545e91a745503d13a6

Sharing

Copy URL

Twitter E-mail

General

Target

5bd3d8b3aac3565a9a07fe0b888adc186fd3afab24b8f5545e91a745503d13a6
Size

5.2MB
MD5

fe47daf12c57b5b65f30a5722ac813f8
SHA1

0640dd5724df5f2817f983d33a0f6bab6dfd5dbe
SHA256

5bd3d8b3aac3565a9a07fe0b888adc186fd3afab24b8f5545e91a745503d13a6
SHA512

fab667e805e14c5ca56b0ee128885ff78f13c3826a2580eeaaa3212353db335b4f12fbf78dca137a21b11f9bc17f3611b51fa6c6f79fcb682ebd4fb45e9ca3d6
SSDEEP

98304:aVGBQk9XEyM/9gdbyzmA7S8zwYbN0berJyOjt2DZ0XXe3Za:aVqXEyM/9g1yyf8zVJKKJn5kZ0eJa

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

5bd3d8b3aac3565a9a07fe0b888adc186fd3afab24b8f5545e91a745503d13a6
.exe windows x64

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:9a:ba:00:11:cc:17:e0:a2:36:a6:eb:37:0b:0d:a2
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

24-01-2022 00:00

Not After

24-01-2023 23:59

Subject

CN=Hubert Moszka Northwood,O=Hubert Moszka Northwood,ST=Wielkopolskie,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

19-05-2021 05:42

Not After

18-05-2032 05:42

Subject

CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31-05-2021 06:43

Not After

17-09-2029 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:ba:dc:06:03:08:59:fd:43:85:b4:76:f2:0e:d2:1c:20:90:26:1e:f6:4e:85:7b:d0:6d:88:6b:0c:ba:4a:67
Signer

Actual PE Digest

1c:ba:dc:06:03:08:59:fd:43:85:b4:76:f2:0e:d2:1c:20:90:26:1e:f6:4e:85:7b:d0:6d:88:6b:0c:ba:4a:67

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Hubert Moszka Northwood,O=Hubert Moszka Northwood,ST=Wielkopolskie,C=PL

30-07-2022 11:08
Valid: true

Chain 1

CN=Hubert Moszka Northwood,O=Hubert Moszka Northwood,ST=Wielkopolskie,C=PL

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

Size: 171KB - Virtual size: 597KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 18KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 21KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 134KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

2a:9a:ba:00:11:cc:17:e0:a2:36:a6:eb:37:0b:0d:a2Certificate

Extended Key Usages

Key Usages

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

1c:ba:dc:06:03:08:59:fd:43:85:b4:76:f2:0e:d2:1c:20:90:26:1e:f6:4e:85:7b:d0:6d:88:6b:0c:ba:4a:67Signer

Signature Validations

Verification

30-07-2022 11:08 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 171KB - Virtual size: 597KB

Size: 18KB - Virtual size: 53KB

Size: 1KB - Virtual size: 8KB

Size: 21KB - Virtual size: 43KB

Size: 134KB - Virtual size: 265KB

Size: 1024B - Virtual size: 788B

.edata Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 133KB - Virtual size: 133KB

.themida Size: - Virtual size: 8.2MB

.boot Size: 4.8MB - Virtual size: 4.8MB

.reloc Size: 16B - Virtual size: 4KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

2a:9a:ba:00:11:cc:17:e0:a2:36:a6:eb:37:0b:0d:a2
Certificate

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

1c:ba:dc:06:03:08:59:fd:43:85:b4:76:f2:0e:d2:1c:20:90:26:1e:f6:4e:85:7b:d0:6d:88:6b:0c:ba:4a:67
Signer

30-07-2022 11:08
Valid: true

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 133KB - Virtual size: 133KB

.themida
Size: - Virtual size: 8.2MB

.boot
Size: 4.8MB - Virtual size: 4.8MB

.reloc
Size: 16B - Virtual size: 4KB