6ad4906b570eaa52a5c78e98f2273daf5c60248615a502e123d5b7d8b53d9fff

Sharing

Copy URL Twitter E-mail

General

Target

6ad4906b570eaa52a5c78e98f2273daf5c60248615a502e123d5b7d8b53d9fff
Size

5.2MB
MD5

cc290b4105ef5a94aba6d767c8bbc2de
SHA1

5dfee2fa5c295665c84e1eb1ef8e0098dd2e5848
SHA256

6ad4906b570eaa52a5c78e98f2273daf5c60248615a502e123d5b7d8b53d9fff
SHA512

644f97c6bd4fd273c6e8444c01cc372ffb8af867c0739d4e1ac4a761a221f9ebf042eb644a601a52bd9aaad647f1b60012ceee029b59aea6a269a5d1d5b41066
SSDEEP

98304:ggx2R7dmm8wDy4itwxdl8OGhMVvFTmeBLy4h+5YXTtGLW9ejhky6V/lDx3SHSylR:z2huwDktaRvkDYcBL

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

6ad4906b570eaa52a5c78e98f2273daf5c60248615a502e123d5b7d8b53d9fff
.exe windows x64

Code Sign

75:05:b9:1a:a4:4f:67:a1:47:69:c7:bd:c4:75:52:b2
Certificate

Issuer

CN=Samsung MUI Q32R404FHWI RC65R539FHIZCI

Not Before

03/03/2023, 14:53

Not After

04/03/2033, 14:53

Subject

CN=Samsung MUI Q32R404FHWI RC65R539FHIZCI

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:4b:2f:64:5c:1f:93:c5:11:f3:d4:4f:e0:29:22:e0:9d:6c:62:91:23:e5:bd:26:66:67:72:18:13:d1:f9:d7
Signer

Actual PE Digest

0d:4b:2f:64:5c:1f:93:c5:11:f3:d4:4f:e0:29:22:e0:9d:6c:62:91:23:e5:bd:26:66:67:72:18:13:d1:f9:d7

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Samsung MUI Q32R404FHWI RC65R539FHIZCI

27/02/2023, 09:32
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: 788KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 714KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 84KB - Virtual size: 727KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 10KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 543KB - Virtual size: 542KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

75:05:b9:1a:a4:4f:67:a1:47:69:c7:bd:c4:75:52:b2Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

0d:4b:2f:64:5c:1f:93:c5:11:f3:d4:4f:e0:29:22:e0:9d:6c:62:91:23:e5:bd:26:66:67:72:18:13:d1:f9:d7Signer

Signature Validations

Verification

27/02/2023, 09:32 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

Size: 788KB - Virtual size: 2.5MB

Size: 714KB - Virtual size: 2.3MB

Size: 84KB - Virtual size: 727KB

Size: 512B - Virtual size: 1KB

Size: 10KB - Virtual size: 48KB

Size: 512B - Virtual size: 4B

.rsrc Size: 543KB - Virtual size: 542KB

.idata Size: 512B - Virtual size: 4KB

.themida Size: 3.1MB - Virtual size: 3.1MB

75:05:b9:1a:a4:4f:67:a1:47:69:c7:bd:c4:75:52:b2
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

0d:4b:2f:64:5c:1f:93:c5:11:f3:d4:4f:e0:29:22:e0:9d:6c:62:91:23:e5:bd:26:66:67:72:18:13:d1:f9:d7
Signer

27/02/2023, 09:32
Valid: false

.rsrc
Size: 543KB - Virtual size: 542KB

.idata
Size: 512B - Virtual size: 4KB

.themida
Size: 3.1MB - Virtual size: 3.1MB