d1431698bd774042b19e47fea3e80fb8dac3289ae57a21ad56e8ec96a5debc4a

Sharing

Copy URL

Twitter E-mail

General

Target

d1431698bd774042b19e47fea3e80fb8dac3289ae57a21ad56e8ec96a5debc4a
Size

17.8MB
MD5

a98b13e2a1c372b62e6356c4436c5518
SHA1

a5774d104cda299b71dec6adcda61af795bb3fcd
SHA256

d1431698bd774042b19e47fea3e80fb8dac3289ae57a21ad56e8ec96a5debc4a
SHA512

fd24ca2678ba738f2fb57460dc7228431f9a2ff8c4f2dbcb9f70d2ac0d925cc27a856d9a41c0403daf0667c50e7e3418f5983d7ee3397565eae0a2aecc37a268
SSDEEP

98304:qJufaicMur3WcO4CDF45VDEbh72MEr7rk4beOUUYmzNhn4ef5x3p7Lx4cwsoPkTo:qJFiYxCJ45u17JEr7Y45rNB37L2ZZkTo

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

d1431698bd774042b19e47fea3e80fb8dac3289ae57a21ad56e8ec96a5debc4a
.exe windows x64

Code Sign

52:f4:72:c7:a4:08:0a:a3:4d:79:61:b9:81:30:10:bc
Certificate

Issuer

CN=www.spiteful.com

Not Before

28-09-2022 19:16

Not After

28-09-2023 19:36

Subject

CN=www.spiteful.com

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:67:e6:65:8f:99:48:b1:de:9a:98:f9:a2:19:d0:bf:49:0f:54:7d:36:a4:0d:ec:ba:de:1c:a2:3a:6b:81:4e
Signer

Actual PE Digest

47:67:e6:65:8f:99:48:b1:de:9a:98:f9:a2:19:d0:bf:49:0f:54:7d:36:a4:0d:ec:ba:de:1c:a2:3a:6b:81:4e

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=www.spiteful.com

29-09-2022 18:51
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

_cgo_dummy_export
authorizerTrampoline
callbackTrampoline
commitHookTrampoline
compareTrampoline
doneTrampoline
preUpdateHookTrampoline
rollbackHookTrampoline
stepTrampoline
updateHookTrampoline

Sections

.text
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7.6MB - Virtual size: 7.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 420KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 345B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 319KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

52:f4:72:c7:a4:08:0a:a3:4d:79:61:b9:81:30:10:bcCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

47:67:e6:65:8f:99:48:b1:de:9a:98:f9:a2:19:d0:bf:49:0f:54:7d:36:a4:0d:ec:ba:de:1c:a2:3a:6b:81:4eSigner

Signature Validations

Verification

29-09-2022 18:51 Valid: false

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 5.6MB - Virtual size: 5.6MB

.data Size: 277KB - Virtual size: 277KB

.rdata Size: 7.6MB - Virtual size: 7.6MB

.pdata Size: 24KB - Virtual size: 24KB

.xdata Size: 27KB - Virtual size: 27KB

.bss Size: - Virtual size: 420KB

.edata Size: 512B - Virtual size: 345B

.idata Size: 7KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 319KB - Virtual size: 318KB

.reloc Size: 101KB - Virtual size: 101KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 6.6MB

.boot Size: 3.8MB - Virtual size: 3.8MB

.reloc Size: 16B - Virtual size: 4KB

52:f4:72:c7:a4:08:0a:a3:4d:79:61:b9:81:30:10:bc
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

47:67:e6:65:8f:99:48:b1:de:9a:98:f9:a2:19:d0:bf:49:0f:54:7d:36:a4:0d:ec:ba:de:1c:a2:3a:6b:81:4e
Signer

29-09-2022 18:51
Valid: false

.text
Size: 5.6MB - Virtual size: 5.6MB

.data
Size: 277KB - Virtual size: 277KB

.rdata
Size: 7.6MB - Virtual size: 7.6MB

.pdata
Size: 24KB - Virtual size: 24KB

.xdata
Size: 27KB - Virtual size: 27KB

.bss
Size: - Virtual size: 420KB

.edata
Size: 512B - Virtual size: 345B

.idata
Size: 7KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 319KB - Virtual size: 318KB

.reloc
Size: 101KB - Virtual size: 101KB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 6.6MB

.boot
Size: 3.8MB - Virtual size: 3.8MB

.reloc
Size: 16B - Virtual size: 4KB