b0ee2320d085992fa411ff6ea3821c531e98813f1ed4385ccd65268dfa380e94

Sharing

Copy URL Twitter E-mail

General

Target

b0ee2320d085992fa411ff6ea3821c531e98813f1ed4385ccd65268dfa380e94
Size

3.9MB
MD5

11bbc80a6d58733e28d0978f31662a74
SHA1

246cb29245812087de1f2684cc7118d9af766f3b
SHA256

b0ee2320d085992fa411ff6ea3821c531e98813f1ed4385ccd65268dfa380e94
SHA512

5387494c716130755afed1ebf9f0176e49a5a026b5fd5d690a9a9e22e2e52e3b534a9f1c60e188afb827a33b388f0f43ff9fbf71e94807a2721058938bf118e1
SSDEEP

49152:dlltEYJCgKxWxzKEzwqwdKcc9ccINWTeV7dECiP+a11XAr/5HC36fkQY1bmARt89:HlCC8owvcmcIxd7w1BK5oF+dfStqd

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

b0ee2320d085992fa411ff6ea3821c531e98813f1ed4385ccd65268dfa380e94
.exe windows x86

Code Sign

3f:dc:7a:3e:7e:96:5e:b6:4e:3a:1a:ce:c7:32:b0:e3
Certificate

Issuer

CN=Logitech ZC-9015 USA State of Washington

Not Before

24/12/2022, 20:59

Not After

25/12/2032, 20:59

Subject

CN=Logitech ZC-9015 USA State of Washington

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d2:d4:f0:e1:77:10:67:a6:21:c5:66:ec:fd:f7:b3:ec:5f:bd:1d:cc:7d:96:52:00:34:24:22:39:5b:3a:7d:24
Signer

Actual PE Digest

d2:d4:f0:e1:77:10:67:a6:21:c5:66:ec:fd:f7:b3:ec:5f:bd:1d:cc:7d:96:52:00:34:24:22:39:5b:3a:7d:24

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Logitech ZC-9015 USA State of Washington

13/01/2023, 12:37
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: 773KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 632KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 93KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 49KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 324KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

3f:dc:7a:3e:7e:96:5e:b6:4e:3a:1a:ce:c7:32:b0:e3Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

d2:d4:f0:e1:77:10:67:a6:21:c5:66:ec:fd:f7:b3:ec:5f:bd:1d:cc:7d:96:52:00:34:24:22:39:5b:3a:7d:24Signer

Signature Validations

Verification

13/01/2023, 12:37 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

Size: 773KB - Virtual size: 2.0MB

Size: 632KB - Virtual size: 1.5MB

Size: 93KB - Virtual size: 407KB

Size: 512B - Virtual size: 988B

Size: 49KB - Virtual size: 76KB

Size: 512B - Virtual size: 4B

.rsrc Size: 324KB - Virtual size: 324KB

.idata Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 3.5MB

.boot Size: 2.1MB - Virtual size: 2.1MB

3f:dc:7a:3e:7e:96:5e:b6:4e:3a:1a:ce:c7:32:b0:e3
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

d2:d4:f0:e1:77:10:67:a6:21:c5:66:ec:fd:f7:b3:ec:5f:bd:1d:cc:7d:96:52:00:34:24:22:39:5b:3a:7d:24
Signer

13/01/2023, 12:37
Valid: false

.rsrc
Size: 324KB - Virtual size: 324KB

.idata
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 3.5MB

.boot
Size: 2.1MB - Virtual size: 2.1MB