file[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

file.exe
Size

7.2MB
MD5

625afe348f255f928094b9e3b92d2664
SHA1

d0cdc33730663dffe4d9826d041a15ccb02a7880
SHA256

b01c9104e3c8210e44629d12b895164de941215f47f9c02826640af1e80e2876
SHA512

0260d36d2e92633dfc127a9eb521d617f5ef2eaab2e4955ef4d3b746bec210511b48e55d94abda501706e42a0f2aefc3523fcef8732f4895617c9851f52df779
SSDEEP

196608:kWL9Awy6WpqUlfS1RAhXLM2nDpC0h05N3klfVVWCbA7:nL9AwQpqLiXPh05N3klfnPG

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

file.exe
.exe windows x86

4aef53f3b4a3e10d64879a1b7a55f980

Code Sign

3d:f2:2e:62:b1:34:0d:ba:4b:b5:c6:38:f6:41:78:43
Certificate

Issuer

CN=MSI Pulse GL74 12UEK-088XEU Intel Core i5 12500H/ 3.3 GHz - 4.5 GHz/ 16384 Mb/ 17.3 Full HD 1920x1080/ 512 Gb SSD/ DVD nVidia GeForce RTX 3070 6144 DYS (9N7-17L314-088)

Not Before

23-04-2023 11:22

Not After

24-04-2033 11:22

Subject

CN=MSI Pulse GL74 12UEK-088XEU Intel Core i5 12500H/ 3.3 GHz - 4.5 GHz/ 16384 Mb/ 17.3 Full HD 1920x1080/ 512 Gb SSD/ DVD nVidia GeForce RTX 3070 6144 DYS (9N7-17L314-088)

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:55:2b:d2:a0:7c:65:26:3a:f4:3a:04:d3:48:e4:70:b5:6c:51:d0:94:74:f7:15:c5:f0:40:cb:0c:f1:10:e6
Signer

Actual PE Digest

39:55:2b:d2:a0:7c:65:26:3a:f4:3a:04:d3:48:e4:70:b5:6c:51:d0:94:74:f7:15:c5:f0:40:cb:0c:f1:10:e6

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=MSI Pulse GL74 12UEK-088XEU Intel Core i5 12500H/ 3.3 GHz - 4.5 GHz/ 16384 Mb/ 17.3 Full HD 1920x1080/ 512 Gb SSD/ DVD nVidia GeForce RTX 3070 6144 DYS (9N7-17L314-088)

25-04-2023 11:09
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW

gdi32

CreateCompatibleBitmap

advapi32

SystemFunction036

shell32

SHGetFolderPathA

crypt32

CryptUnprotectData

gdiplus

GdipGetImageEncodersSize

setupapi

SetupDiGetDeviceInterfaceDetailA

Sections

Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 12.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ

.rsrc
Size: 113KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4aef53f3b4a3e10d64879a1b7a55f980

Code Sign

3d:f2:2e:62:b1:34:0d:ba:4b:b5:c6:38:f6:41:78:43Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:55:2b:d2:a0:7c:65:26:3a:f4:3a:04:d3:48:e4:70:b5:6c:51:d0:94:74:f7:15:c5:f0:40:cb:0c:f1:10:e6Signer

Signature Validations

Verification

25-04-2023 11:09 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

crypt32

gdiplus

setupapi

Sections

Size: - Virtual size: 1.5MB

Size: - Virtual size: 164KB

Size: - Virtual size: 41KB

Size: - Virtual size: 12.3MB

Size: - Virtual size: 29KB

.idata Size: - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 115KB

.themida Size: - Virtual size: 3.1MB

.boot Size: - Virtual size: 1.9MB

.vmp1 Size: - Virtual size: 1.4MB

.vmp2 Size: 7.1MB - Virtual size: 7.1MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 113KB - Virtual size: 114KB

3d:f2:2e:62:b1:34:0d:ba:4b:b5:c6:38:f6:41:78:43
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:55:2b:d2:a0:7c:65:26:3a:f4:3a:04:d3:48:e4:70:b5:6c:51:d0:94:74:f7:15:c5:f0:40:cb:0c:f1:10:e6
Signer

25-04-2023 11:09
Valid: false

.idata
Size: - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 115KB

.themida
Size: - Virtual size: 3.1MB

.boot
Size: - Virtual size: 1.9MB

.vmp1
Size: - Virtual size: 1.4MB

.vmp2
Size: 7.1MB - Virtual size: 7.1MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 113KB - Virtual size: 114KB