88e21ed3c426de5ef66a72fd451e4a97f8c7d60169942e47b7d85d6f33bd4873

Sharing

Copy URL

Twitter E-mail

General

Target

88e21ed3c426de5ef66a72fd451e4a97f8c7d60169942e47b7d85d6f33bd4873
Size

8.8MB
MD5

10b4f109f82f2dab060cdfe8b9167c61
SHA1

13373d528cd777ba22a6c4b7bab5231f63e4ae5b
SHA256

88e21ed3c426de5ef66a72fd451e4a97f8c7d60169942e47b7d85d6f33bd4873
SHA512

ea72beafccc6962ec10dca3de3c96c4f1dea587c57fc498e09af1c6d3e565a886d1fa8920f48fa256bb9ce73f72a66059d3f8431af200ffa6292e3eb8c7ab6d4
SSDEEP

196608:fnTm6cPlq0PhetcgP2RT+7GU7FrN9Hrmdq5m7Th2KeROQ:q3q0PZTiGUhrNpydqEvh28Q

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

88e21ed3c426de5ef66a72fd451e4a97f8c7d60169942e47b7d85d6f33bd4873
.exe windows x86

ab329f8f72fc310f12d40c1ee53207e9

Code Sign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ff:87:78:b4:fa:e6:3f:3e:5a:12:be
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

17-02-2022 09:19

Not After

20-04-2025 01:14

Subject

CN=COC COC COMPANY LIMITED,O=COC COC COMPANY LIMITED,L=HA NOI,ST=HA NOI,C=VN,1.2.840.113549.1.9.1=#0c1061646d696e40636f63636f632e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=Unknown issuer

Not Before

01-01-2013 10:00

Not After

01-04-2013 10:00

Subject

CN=Dummy certificate

Extended Key Usages

Key Usages

KeyUsageCertSign

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:44

Not After

08-05-2033 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20-02-2019 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0a:a7:89:40:07:08:71:e7:e3:d9:5c:d3:ec:4f:7f:0c:18:bd:5c:b6:87:83:7d:d1:32:21:c4:4b:68:2d:71:18
Signer

Actual PE Digest

0a:a7:89:40:07:08:71:e7:e3:d9:5c:d3:ec:4f:7f:0c:18:bd:5c:b6:87:83:7d:d1:32:21:c4:4b:68:2d:71:18

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=COC COC COMPANY LIMITED,O=COC COC COMPANY LIMITED,L=HA NOI,ST=HA NOI,C=VN,1.2.840.113549.1.9.1=#0c1061646d696e40636f63636f632e636f6d

01-08-2022 07:59
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

IsMenu
CharUpperBuffW

Sections

.text
Size: - Virtual size: 711KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: - Virtual size: 277B

.rout0
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rout1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rout2
Size: 8.7MB - Virtual size: 8.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab329f8f72fc310f12d40c1ee53207e9

Code Sign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

08:ff:87:78:b4:fa:e6:3f:3e:5a:12:beCertificate

Extended Key Usages

Key Usages

01Certificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

0a:a7:89:40:07:08:71:e7:e3:d9:5c:d3:ec:4f:7f:0c:18:bd:5c:b6:87:83:7d:d1:32:21:c4:4b:68:2d:71:18Signer

Signature Validations

Verification

01-08-2022 07:59 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: - Virtual size: 711KB

.rdata Size: - Virtual size: 56KB

.data Size: - Virtual size: 8KB

.00cfg Size: - Virtual size: 8B

.themida Size: - Virtual size: 3.8MB

.tls Size: - Virtual size: 9B

.voltbl Size: - Virtual size: 277B

.rout0 Size: - Virtual size: 2.6MB

.rout1 Size: 1KB - Virtual size: 1KB

.rout2 Size: 8.7MB - Virtual size: 8.7MB

.rsrc Size: 50KB - Virtual size: 49KB

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

08:ff:87:78:b4:fa:e6:3f:3e:5a:12:be
Certificate

01
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

0a:a7:89:40:07:08:71:e7:e3:d9:5c:d3:ec:4f:7f:0c:18:bd:5c:b6:87:83:7d:d1:32:21:c4:4b:68:2d:71:18
Signer

01-08-2022 07:59
Valid: false

.text
Size: - Virtual size: 711KB

.rdata
Size: - Virtual size: 56KB

.data
Size: - Virtual size: 8KB

.00cfg
Size: - Virtual size: 8B

.themida
Size: - Virtual size: 3.8MB

.tls
Size: - Virtual size: 9B

.voltbl
Size: - Virtual size: 277B

.rout0
Size: - Virtual size: 2.6MB

.rout1
Size: 1KB - Virtual size: 1KB

.rout2
Size: 8.7MB - Virtual size: 8.7MB

.rsrc
Size: 50KB - Virtual size: 49KB