a8ef7985e7e029c6f66dd8571568d053c1a65b5d493553bb20fae8846a7ae2e4

Sharing

Copy URL

Twitter E-mail

General

Target

a8ef7985e7e029c6f66dd8571568d053c1a65b5d493553bb20fae8846a7ae2e4
Size

16.6MB
MD5

4d12325765be0951b3d05237dd68b3f8
SHA1

6e3280fa3953ac2b42c9f2002b0a8188c2742f25
SHA256

a8ef7985e7e029c6f66dd8571568d053c1a65b5d493553bb20fae8846a7ae2e4
SHA512

d0351cc8e8875a95473cabf40e58fc1fb7ffb94ddf124fafb400e0b7dda1377a9996a7d516026b437de9e4acff869ae29252949a71dee324727c073ed651b2f1
SSDEEP

98304:+JufaicMur3WcO4CDF45VDEbh72MElxtCu/qIYanzLxNDlJK6rWs1tyFRucs:+JFiYxCJ45u17JE/IQYOzV5lUFs6Kcs

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

a8ef7985e7e029c6f66dd8571568d053c1a65b5d493553bb20fae8846a7ae2e4
.exe windows x64

Code Sign

13:f4:0a:c8:e1:3a:d5:81:40:1c:42:24:88:00:3e:a0
Certificate

Issuer

CN=www.finished.com

Not Before

23/09/2022, 13:40

Not After

23/09/2023, 14:00

Subject

CN=www.finished.com

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7d:bd:dd:25:32:dc:a7:96:62:98:65:28:0a:2d:fa:f7:a0:dc:6b:dd:8b:de:f9:59:f0:b2:8f:23:4c:16:8f:41
Signer

Actual PE Digest

7d:bd:dd:25:32:dc:a7:96:62:98:65:28:0a:2d:fa:f7:a0:dc:6b:dd:8b:de:f9:59:f0:b2:8f:23:4c:16:8f:41

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=www.finished.com

23/09/2022, 10:48
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

_cgo_dummy_export
authorizerTrampoline
callbackTrampoline
commitHookTrampoline
compareTrampoline
doneTrampoline
preUpdateHookTrampoline
rollbackHookTrampoline
stepTrampoline
updateHookTrampoline

Sections

.text
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7.6MB - Virtual size: 7.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 420KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 345B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 319KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

13:f4:0a:c8:e1:3a:d5:81:40:1c:42:24:88:00:3e:a0Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

7d:bd:dd:25:32:dc:a7:96:62:98:65:28:0a:2d:fa:f7:a0:dc:6b:dd:8b:de:f9:59:f0:b2:8f:23:4c:16:8f:41Signer

Signature Validations

Verification

23/09/2022, 10:48 Valid: false

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 5.6MB - Virtual size: 5.6MB

.data Size: 277KB - Virtual size: 277KB

.rdata Size: 7.6MB - Virtual size: 7.6MB

.pdata Size: 24KB - Virtual size: 24KB

.xdata Size: 27KB - Virtual size: 27KB

.bss Size: - Virtual size: 420KB

.edata Size: 512B - Virtual size: 345B

.idata Size: 7KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 319KB - Virtual size: 318KB

.reloc Size: 101KB - Virtual size: 101KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 3.9MB

.boot Size: 2.6MB - Virtual size: 2.6MB

.reloc Size: 16B - Virtual size: 4KB

13:f4:0a:c8:e1:3a:d5:81:40:1c:42:24:88:00:3e:a0
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

7d:bd:dd:25:32:dc:a7:96:62:98:65:28:0a:2d:fa:f7:a0:dc:6b:dd:8b:de:f9:59:f0:b2:8f:23:4c:16:8f:41
Signer

23/09/2022, 10:48
Valid: false

.text
Size: 5.6MB - Virtual size: 5.6MB

.data
Size: 277KB - Virtual size: 277KB

.rdata
Size: 7.6MB - Virtual size: 7.6MB

.pdata
Size: 24KB - Virtual size: 24KB

.xdata
Size: 27KB - Virtual size: 27KB

.bss
Size: - Virtual size: 420KB

.edata
Size: 512B - Virtual size: 345B

.idata
Size: 7KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 319KB - Virtual size: 318KB

.reloc
Size: 101KB - Virtual size: 101KB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 3.9MB

.boot
Size: 2.6MB - Virtual size: 2.6MB

.reloc
Size: 16B - Virtual size: 4KB