cb691234a2b71c78e2b8dc385a3a619cedc01cbec7c4eddef5c93ce9261bf50d

Sharing

Copy URL

Twitter E-mail

General

Target

cb691234a2b71c78e2b8dc385a3a619cedc01cbec7c4eddef5c93ce9261bf50d
Size

5.9MB
MD5

cfc12312e1e6b7e6cb2233edd2e2b157
SHA1

b1cdda4c80c4a0e132d62d33e53ab092b00b6efd
SHA256

cb691234a2b71c78e2b8dc385a3a619cedc01cbec7c4eddef5c93ce9261bf50d
SHA512

5bc0a02e6bd54beaad09d7a917f84f8cc30ba7785b6f2a35e8b5f230703e286ab006b41b9121f30ee84327878b2802f9ddb9ec0322808044bc04a768b722f912
SSDEEP

98304:HJUKA9w72nZi2JHpjLpr/K9Rqas8hCDp/QngJ//fO3TZ99Amj7p17zEgmOwF:HJUKow72NpZr/K9wjGy9oM/Etj7vzE0O

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

cb691234a2b71c78e2b8dc385a3a619cedc01cbec7c4eddef5c93ce9261bf50d
.exe windows x86

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:58:b5:34:6f:4d:e8:7c:85:0f:aa:5a:99:4f:d9:35
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18-06-2021 00:00

Not After

02-06-2022 23:59

Subject

SERIALNUMBER=1300793-6,CN=Stream Synergy Inc.,O=Stream Synergy Inc.,L=Markham,ST=Ontario,C=CA,1.3.6.1.4.1.311.60.2.1.3=#13024341,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

56:23:b4:78:39:e7:c8:fb:eb:6f:04:e3:8f:31:39:60:b0:6f:61:f9:73:d8:bd:d6:56:b7:cb:f2:69:60:f4:c3
Signer

Actual PE Digest

56:23:b4:78:39:e7:c8:fb:eb:6f:04:e3:8f:31:39:60:b0:6f:61:f9:73:d8:bd:d6:56:b7:cb:f2:69:60:f4:c3

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=1300793-6,CN=Stream Synergy Inc.,O=Stream Synergy Inc.,L=Markham,ST=Ontario,C=CA,1.3.6.1.4.1.311.60.2.1.3=#13024341,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01-01-0001 00:00
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 18KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 244KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29Certificate

Extended Key Usages

Key Usages

0d:58:b5:34:6f:4d:e8:7c:85:0f:aa:5a:99:4f:d9:35Certificate

Extended Key Usages

Key Usages

56:23:b4:78:39:e7:c8:fb:eb:6f:04:e3:8f:31:39:60:b0:6f:61:f9:73:d8:bd:d6:56:b7:cb:f2:69:60:f4:c3Signer

Signature Validations

Verification

01-01-0001 00:00 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

Size: 18KB - Virtual size: 27KB

Size: 1KB - Virtual size: 6KB

Size: 512B - Virtual size: 127KB

.ndata Size: - Virtual size: 244KB

Size: 3.6MB - Virtual size: 3.6MB

.idata Size: 512B - Virtual size: 4KB

.rsrc Size: 145KB - Virtual size: 145KB

.themida Size: 2.1MB - Virtual size: 2.1MB

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

0d:58:b5:34:6f:4d:e8:7c:85:0f:aa:5a:99:4f:d9:35
Certificate

56:23:b4:78:39:e7:c8:fb:eb:6f:04:e3:8f:31:39:60:b0:6f:61:f9:73:d8:bd:d6:56:b7:cb:f2:69:60:f4:c3
Signer

01-01-0001 00:00
Valid: false

.ndata
Size: - Virtual size: 244KB

.idata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 145KB - Virtual size: 145KB

.themida
Size: 2.1MB - Virtual size: 2.1MB