hdghgfdhfghdfghdg[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

hdghgfdhfghdfghdg.exe
Size

5.4MB
MD5

0aa26750fa55dbc9d65c8f1d4b1b8a32
SHA1

61a18e5a47b39d34998ef50fcb5d7dbbbb8684ac
SHA256

6c4cf7b175c499172b59d7f5f5ece3b6717345b6ea0b6e53d56b315516dd870e
SHA512

d03b70f3a8d3c71c63f9dfd92de0bd133274be23ba145ecb3c6f4fd96b6c37fd2c7d85b74202a01f8af1227beecde3ba1d5a18b7eba6f226dc4758e8a6e30637
SSDEEP

98304:xRcScwlZH8VMK5JkL36b40ZcqRk92Cf92B0Dg43Yg+1E:x93crkLKb4z92IK5YVf

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

hdghgfdhfghdfghdg.exe
.exe windows x86

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d5:34:c4:31:37:ba:57:e7:37:33:c1:28:05:fa:79:a1
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

03/08/2021, 00:00

Not After

03/08/2022, 23:59

Subject

CN=Rafael Patricio Ahucha Ruiz,O=Rafael Patricio Ahucha Ruiz,ST=Cádiz,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3c:c4:b8:02:a3:a8:9b:10:06:85:01:be:75:9a:1c:7f:f8:b5:e7:db
Signer

Actual PE Digest

3c:c4:b8:02:a3:a8:9b:10:06:85:01:be:75:9a:1c:7f:f8:b5:e7:db

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Rafael Patricio Ahucha Ruiz,O=Rafael Patricio Ahucha Ruiz,ST=Cádiz,C=ES

26/04/2022, 10:02
Valid: true

Chain 1

CN=Rafael Patricio Ahucha Ruiz,O=Rafael Patricio Ahucha Ruiz,ST=Cádiz,C=ES

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 578B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

d5:34:c4:31:37:ba:57:e7:37:33:c1:28:05:fa:79:a1Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

3c:c4:b8:02:a3:a8:9b:10:06:85:01:be:75:9a:1c:7f:f8:b5:e7:dbSigner

Signature Validations

Verification

26/04/2022, 10:02 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

Size: 512B - Virtual size: 578B

.reloc Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 8KB

.themida Size: 4.1MB - Virtual size: 4.1MB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

d5:34:c4:31:37:ba:57:e7:37:33:c1:28:05:fa:79:a1
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

3c:c4:b8:02:a3:a8:9b:10:06:85:01:be:75:9a:1c:7f:f8:b5:e7:db
Signer

26/04/2022, 10:02
Valid: true

.text
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 512B - Virtual size: 12B

.idata
Size: 512B - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 8KB

.themida
Size: 4.1MB - Virtual size: 4.1MB