4137aa5bbe56e125d0b0599929fa2ce9fc808cc87c4a865326d8a8cd9ab133d3

Sharing

Copy URL Twitter E-mail

General

Target

4137aa5bbe56e125d0b0599929fa2ce9fc808cc87c4a865326d8a8cd9ab133d3
Size

1.4MB
MD5

345d232f2983353f9b1026a2f02f7264
SHA1

5acd18adbde70f8059b3001d9db06c33826e179a
SHA256

4137aa5bbe56e125d0b0599929fa2ce9fc808cc87c4a865326d8a8cd9ab133d3
SHA512

8ca950d51d502340a866790a20c818beb37d8d8ad1f27b31ba58975b7bfbcb59f3170283f458ce73a55f27b29af89113059be9e53530b955e1eca81ccb4f7bf7
SSDEEP

24576:fVHZuiMfYyAcNFMH8N8meJ9UEcUFU+ZsU3iNeQOuhHP5agQ+GVfJkYRpPIez:fV45F7N8PU342U3/QRCDvVfeYHIez

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

4137aa5bbe56e125d0b0599929fa2ce9fc808cc87c4a865326d8a8cd9ab133d3
.exe windows x86

Code Sign

74:57:6a:91:b1:77:dd:b9:4a:15:a1:49:1a:4d:a1:d2
Certificate

Issuer

CN=Acer Quik AP527-57 [AN527-27-77M3]

Not Before

06/04/2023, 15:02

Not After

07/04/2033, 15:02

Subject

CN=Acer Quik AP527-57 [AN527-27-77M3]

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bd:3f:c5:67:b8:73:39:d8:aa:11:b1:8e:33:60:17:a4:4e:5b:be:0a:c1:7d:47:d2:b9:1b:48:c7:9f:35:9d:dc
Signer

Actual PE Digest

bd:3f:c5:67:b8:73:39:d8:aa:11:b1:8e:33:60:17:a4:4e:5b:be:0a:c1:7d:47:d2:b9:1b:48:c7:9f:35:9d:dc

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Acer Quik AP527-57 [AN527-27-77M3]

13/04/2023, 18:10
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 37KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 179KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

74:57:6a:91:b1:77:dd:b9:4a:15:a1:49:1a:4d:a1:d2Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

bd:3f:c5:67:b8:73:39:d8:aa:11:b1:8e:33:60:17:a4:4e:5b:be:0a:c1:7d:47:d2:b9:1b:48:c7:9f:35:9d:dcSigner

Signature Validations

Verification

13/04/2023, 18:10 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

Size: 37KB - Virtual size: 104KB

Size: 179KB - Virtual size: 351KB

Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 8KB

.themida Size: - Virtual size: 3.1MB

.boot Size: 1.2MB - Virtual size: 1.2MB

74:57:6a:91:b1:77:dd:b9:4a:15:a1:49:1a:4d:a1:d2
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

bd:3f:c5:67:b8:73:39:d8:aa:11:b1:8e:33:60:17:a4:4e:5b:be:0a:c1:7d:47:d2:b9:1b:48:c7:9f:35:9d:dc
Signer

13/04/2023, 18:10
Valid: false

.idata
Size: 512B - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 8KB

.themida
Size: - Virtual size: 3.1MB

.boot
Size: 1.2MB - Virtual size: 1.2MB