bdc2f986320facc24627b6e31ae3ff0147583b04c262a386b2043557b59d06c0

Sharing

Copy URL

Twitter E-mail

General

Target

bdc2f986320facc24627b6e31ae3ff0147583b04c262a386b2043557b59d06c0
Size

2.3MB
MD5

ec50388a69792d133c1298e1dceb40a6
SHA1

80ff3e79bc0679a0e2e91e811310e9fe59c5fcdb
SHA256

bdc2f986320facc24627b6e31ae3ff0147583b04c262a386b2043557b59d06c0
SHA512

fc1141659419b03040ce5bfb3b98c53f2ed53c49e285a68e341620c569f1aa6beb0cb17559e331af6f25a805ae70070a90787e26c4ee5474985c1cb52d04ab59
SSDEEP

49152:PuxU6VfbIhv2/g8nn7HoqW2m86bzBvwv+P9gB8xy2LmQKV:Wi6VzIA/gg7IR8iVgB8xybQKV

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

bdc2f986320facc24627b6e31ae3ff0147583b04c262a386b2043557b59d06c0
.exe windows x86

Code Sign

11:7f:03:55:15:52:a9:bd:47:6d:6d:63:6c:a0:81:5e
Certificate

Issuer

CN=HDD Verbatim Digital EVO-II 5Tb HDWG460EZSTA N300 (4096rpm) 4036Mb 0.5 Rtl

Not Before

22-01-2023 17:37

Not After

23-01-2033 17:37

Subject

CN=HDD Verbatim Digital EVO-II 5Tb HDWG460EZSTA N300 (4096rpm) 4036Mb 0.5 Rtl

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f0:ea:12:9b:87:0f:7e:16:8f:00:3c:a1:38:2e:96:eb:93:65:b0:6f:29:61:c1:8b:b7:85:b6:45:e2:98:23:fd
Signer

Actual PE Digest

f0:ea:12:9b:87:0f:7e:16:8f:00:3c:a1:38:2e:96:eb:93:65:b0:6f:29:61:c1:8b:b7:85:b6:45:e2:98:23:fd

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=HDD Verbatim Digital EVO-II 5Tb HDWG460EZSTA N300 (4096rpm) 4036Mb 0.5 Rtl

09-03-2023 18:59
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 492KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 150KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

11:7f:03:55:15:52:a9:bd:47:6d:6d:63:6c:a0:81:5eCertificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

f0:ea:12:9b:87:0f:7e:16:8f:00:3c:a1:38:2e:96:eb:93:65:b0:6f:29:61:c1:8b:b7:85:b6:45:e2:98:23:fdSigner

Signature Validations

Verification

09-03-2023 18:59 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

Size: 492KB - Virtual size: 1.2MB

Size: 150KB - Virtual size: 363KB

Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

.rsrc Size: 178KB - Virtual size: 178KB

.themida Size: - Virtual size: 3.5MB

.boot Size: 1.5MB - Virtual size: 1.5MB

11:7f:03:55:15:52:a9:bd:47:6d:6d:63:6c:a0:81:5e
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

f0:ea:12:9b:87:0f:7e:16:8f:00:3c:a1:38:2e:96:eb:93:65:b0:6f:29:61:c1:8b:b7:85:b6:45:e2:98:23:fd
Signer

09-03-2023 18:59
Valid: false

.idata
Size: 512B - Virtual size: 8KB

.rsrc
Size: 178KB - Virtual size: 178KB

.themida
Size: - Virtual size: 3.5MB

.boot
Size: 1.5MB - Virtual size: 1.5MB