5a3269689eeb0b116891cf656fdcdb472d452aa563bb56b9d25c1d83766c354c

Sharing

Copy URL

Twitter E-mail

General

Target

5a3269689eeb0b116891cf656fdcdb472d452aa563bb56b9d25c1d83766c354c
Size

5.3MB
MD5

0bff1d9de75f50b96dbad3bbee4e7813
SHA1

211c9882266d68f405e03a6c65ca6c17e906e70c
SHA256

5a3269689eeb0b116891cf656fdcdb472d452aa563bb56b9d25c1d83766c354c
SHA512

d22984ab0ba91f20dc37cc25c82bced14b401b0c29452c62027e32659767687d64fb64c897620b44ac0e2b31c2c9b9e85065a7e5efd24aa7d5dcb456729f15c0
SSDEEP

98304:wglTQ4OjZd+4GUFON+64hAp2O2eyI2RD0eWLHPDKti/Oqkcun2+FSq:wOu/bDmp1bLHH5JunCq

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

5a3269689eeb0b116891cf656fdcdb472d452aa563bb56b9d25c1d83766c354c
.exe windows x64

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:9a:ba:00:11:cc:17:e0:a2:36:a6:eb:37:0b:0d:a2
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

24-01-2022 00:00

Not After

24-01-2023 23:59

Subject

CN=Hubert Moszka Northwood,O=Hubert Moszka Northwood,ST=Wielkopolskie,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

19-05-2021 05:42

Not After

18-05-2032 05:42

Subject

CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31-05-2021 06:43

Not After

17-09-2029 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:15:3b:e2:9c:77:e0:6a:36:cf:f4:2a:67:e4:bc:34:0b:0b:24:82:f8:53:45:b0:aa:2c:bc:63:a3:1a:2f:c4
Signer

Actual PE Digest

55:15:3b:e2:9c:77:e0:6a:36:cf:f4:2a:67:e4:bc:34:0b:0b:24:82:f8:53:45:b0:aa:2c:bc:63:a3:1a:2f:c4

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Hubert Moszka Northwood,O=Hubert Moszka Northwood,ST=Wielkopolskie,C=PL

28-07-2022 15:42
Valid: true

Chain 1

CN=Hubert Moszka Northwood,O=Hubert Moszka Northwood,ST=Wielkopolskie,C=PL

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

Size: 171KB - Virtual size: 595KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 18KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 21KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 134KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 8.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

2a:9a:ba:00:11:cc:17:e0:a2:36:a6:eb:37:0b:0d:a2Certificate

Extended Key Usages

Key Usages

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

55:15:3b:e2:9c:77:e0:6a:36:cf:f4:2a:67:e4:bc:34:0b:0b:24:82:f8:53:45:b0:aa:2c:bc:63:a3:1a:2f:c4Signer

Signature Validations

Verification

28-07-2022 15:42 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 171KB - Virtual size: 595KB

Size: 18KB - Virtual size: 53KB

Size: 1KB - Virtual size: 8KB

Size: 21KB - Virtual size: 43KB

Size: 134KB - Virtual size: 265KB

Size: 1024B - Virtual size: 788B

.edata Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 133KB - Virtual size: 133KB

.themida Size: - Virtual size: 8.4MB

.boot Size: 4.9MB - Virtual size: 4.9MB

.reloc Size: 16B - Virtual size: 4KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

2a:9a:ba:00:11:cc:17:e0:a2:36:a6:eb:37:0b:0d:a2
Certificate

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

55:15:3b:e2:9c:77:e0:6a:36:cf:f4:2a:67:e4:bc:34:0b:0b:24:82:f8:53:45:b0:aa:2c:bc:63:a3:1a:2f:c4
Signer

28-07-2022 15:42
Valid: true

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 133KB - Virtual size: 133KB

.themida
Size: - Virtual size: 8.4MB

.boot
Size: 4.9MB - Virtual size: 4.9MB

.reloc
Size: 16B - Virtual size: 4KB