35ffc986d369b7ebda2e69d37cfac6b8[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

35ffc986d369b7ebda2e69d37cfac6b8.exe
Size

2.6MB
MD5

35ffc986d369b7ebda2e69d37cfac6b8
SHA1

fe80513205e9176a156f2e00ea9762baa6131a0f
SHA256

5b037a43064259317c81f5f4192fc8b54cd218d3d9772201ec52b0680453ceb4
SHA512

fed41f9b20cf370f93507663bf583f762d61fda3df1908aed4238992fe1f15822f8a783c802e9789f8b10aaa4d128831365c6866d1abea46044093a927622640
SSDEEP

49152:iPB0IYeO8z/zi4YZ86/fhLJkOc1C8/sEr8D3Vh05iJA8YdjTN2:/e5rZw/fhLCOQCtBFK8WjTN2

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

35ffc986d369b7ebda2e69d37cfac6b8.exe
.exe windows x86

Code Sign

71:60:ca:3b:9f:da:4f:67:b1:b2:2c:b6:9f:4e:9b:e7
Certificate

Issuer

CN=www.coniwaub.com

Not Before

31-12-2018 21:00

Not After

31-12-2098 21:00

Subject

CN=www.coniwaub.com

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

68:a7:fb:0f:e8:3a:c8:1f:30:26:f5:c0:c5:1c:1a:1b:81:06:e9:0a:ac:08:d5:30:5b:e4:5d:c1:1d:02:0e:d9
Signer

Actual PE Digest

68:a7:fb:0f:e8:3a:c8:1f:30:26:f5:c0:c5:1c:1a:1b:81:06:e9:0a:ac:08:d5:30:5b:e4:5d:c1:1d:02:0e:d9

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=www.coniwaub.com

05-08-2022 12:36
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vm_sec
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 772KB - Virtual size: 772KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

71:60:ca:3b:9f:da:4f:67:b1:b2:2c:b6:9f:4e:9b:e7Certificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

68:a7:fb:0f:e8:3a:c8:1f:30:26:f5:c0:c5:1c:1a:1b:81:06:e9:0a:ac:08:d5:30:5b:e4:5d:c1:1d:02:0e:d9Signer

Signature Validations

Verification

05-08-2022 12:36 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.data Size: 4KB - Virtual size: 13KB

.rsrc Size: 315KB - Virtual size: 314KB

.vm_sec Size: 16KB - Virtual size: 16KB

.idata Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 2.0MB

.boot Size: 772KB - Virtual size: 772KB

71:60:ca:3b:9f:da:4f:67:b1:b2:2c:b6:9f:4e:9b:e7
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

68:a7:fb:0f:e8:3a:c8:1f:30:26:f5:c0:c5:1c:1a:1b:81:06:e9:0a:ac:08:d5:30:5b:e4:5d:c1:1d:02:0e:d9
Signer

05-08-2022 12:36
Valid: false

.text
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 315KB - Virtual size: 314KB

.vm_sec
Size: 16KB - Virtual size: 16KB

.idata
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 2.0MB

.boot
Size: 772KB - Virtual size: 772KB