5d8939223c8ec567b8cee06d775a3cdba1e2ac5ebc3984d9e9224c604f831e14

Sharing

Copy URL Twitter E-mail

General

Target

5d8939223c8ec567b8cee06d775a3cdba1e2ac5ebc3984d9e9224c604f831e14
Size

7.0MB
MD5

5f81b966e93f31091ce46e5cf9f8c6fc
SHA1

43c233348e35e06ad5b78bc1c16de59dae588acd
SHA256

5d8939223c8ec567b8cee06d775a3cdba1e2ac5ebc3984d9e9224c604f831e14
SHA512

3fa3a20fde3361a4fb88afef9f5d40495d526b52770b6874fc50ed9d2a8937332fa9933e7ab71581fc01dfdee6864cd4ef245bc3ccea157dc1f11962126a7b37
SSDEEP

196608:PUvzdnXUhg9gvu/2hqFRWA5ZysT+uV8No:PU7dXUg9ubhqFR9yMVUo

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

5d8939223c8ec567b8cee06d775a3cdba1e2ac5ebc3984d9e9224c604f831e14
.exe windows x64

Code Sign

4b:ec:ba:79:34:44:83:86:4d:b3:66:95:18:1a:6f:2a
Certificate

Issuer

CN=Samsung NET Q32R404FHWI RC65R539FHIZCI

Not Before

27/02/2023, 19:26

Not After

28/02/2033, 19:26

Subject

CN=Samsung NET Q32R404FHWI RC65R539FHIZCI

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:5d:4f:29:ff:42:29:b4:94:2c:a0:92:5d:86:29:83:6f:46:fd:55:8e:60:be:4a:65:11:39:0f:8f:12:c0:b0
Signer

Actual PE Digest

41:5d:4f:29:ff:42:29:b4:94:2c:a0:92:5d:86:29:83:6f:46:fd:55:8e:60:be:4a:65:11:39:0f:8f:12:c0:b0

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Samsung NET Q32R404FHWI RC65R539FHIZCI

27/02/2023, 09:30
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: 791KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 807KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 77KB - Virtual size: 663KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 295B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 400KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 827KB - Virtual size: 827KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 521KB - Virtual size: 523KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 130KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 57KB - Virtual size: 327KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 633KB - Virtual size: 632KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

4b:ec:ba:79:34:44:83:86:4d:b3:66:95:18:1a:6f:2aCertificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

41:5d:4f:29:ff:42:29:b4:94:2c:a0:92:5d:86:29:83:6f:46:fd:55:8e:60:be:4a:65:11:39:0f:8f:12:c0:b0Signer

Signature Validations

Verification

27/02/2023, 09:30 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

Size: 791KB - Virtual size: 2.3MB

Size: 807KB - Virtual size: 2.2MB

Size: 77KB - Virtual size: 663KB

Size: 512B - Virtual size: 295B

Size: 400KB - Virtual size: 400KB

Size: 80KB - Virtual size: 80KB

Size: 512B - Virtual size: 48B

Size: 827KB - Virtual size: 827KB

Size: 521KB - Virtual size: 523KB

Size: 130KB - Virtual size: 133KB

Size: 512B - Virtual size: 1KB

Size: 9KB - Virtual size: 43KB

Size: 57KB - Virtual size: 327KB

.rsrc Size: 633KB - Virtual size: 632KB

.idata Size: 512B - Virtual size: 4KB

.themida Size: 2.7MB - Virtual size: 2.7MB

4b:ec:ba:79:34:44:83:86:4d:b3:66:95:18:1a:6f:2a
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

41:5d:4f:29:ff:42:29:b4:94:2c:a0:92:5d:86:29:83:6f:46:fd:55:8e:60:be:4a:65:11:39:0f:8f:12:c0:b0
Signer

27/02/2023, 09:30
Valid: false

.rsrc
Size: 633KB - Virtual size: 632KB

.idata
Size: 512B - Virtual size: 4KB

.themida
Size: 2.7MB - Virtual size: 2.7MB