file[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

4.6MB
MD5

78c779cfa13b8724efc6a4a2358ced4b
SHA1

fa03a811325e8ead53759f6d79d67444bd476248
SHA256

0bb9e1239d0936d885d1e8f350acf5db3118413d23fec74479bd99a008ebf0ce
SHA512

78307992d190768c826bec30d4dc24ff609a17b6cbdaf885cffe2836bb057111a05c840b5c57253a9259150a14c964a8f2b87f118ea3d3ec2ff477e66c09e2c8
SSDEEP

98304:IXgPa7OCEb42XL4CVAGKpsXyMotMeoEqX:IXSa+kJW0sXFotmP

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

file.exe
.exe windows x64

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:22:81:61:e5:5c:58:14:f6:21:ec:58:ca:1f:2b:42
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

30/06/2020, 05:46

Not After

30/06/2023, 05:46

Subject

CN=Asseco Business Solutions S.A.,OU=CPD-Lublin,O=Asseco Business Solutions S.A.,L=Lublin,ST=lubelskie,C=PL,1.2.840.113549.1.9.1=#0c1a6461746163656e7465722e6c75624061737365636f62732e706c

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a4:30:b1:e2:f4:0f:c6:f2:ed:66:38:04:c3:a2:7d:3a:fa:c0:f0:04:04:70:57:ad:01:07:d7:b3:ec:03:a5:be
Signer

Actual PE Digest

a4:30:b1:e2:f4:0f:c6:f2:ed:66:38:04:c3:a2:7d:3a:fa:c0:f0:04:04:70:57:ad:01:07:d7:b3:ec:03:a5:be

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Asseco Business Solutions S.A.,OU=CPD-Lublin,O=Asseco Business Solutions S.A.,L=Lublin,ST=lubelskie,C=PL,1.2.840.113549.1.9.1=#0c1a6461746163656e7465722e6c75624061737365636f62732e706c

03/05/2023, 12:04
Valid: true

Chain 1

CN=Asseco Business Solutions S.A.,OU=CPD-Lublin,O=Asseco Business Solutions S.A.,L=Lublin,ST=lubelskie,C=PL,1.2.840.113549.1.9.1=#0c1a6461746163656e7465722e6c75624061737365636f62732e706c

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 867KB - Virtual size: 872KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 86KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

38:22:81:61:e5:5c:58:14:f6:21:ec:58:ca:1f:2b:42Certificate

Extended Key Usages

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

a4:30:b1:e2:f4:0f:c6:f2:ed:66:38:04:c3:a2:7d:3a:fa:c0:f0:04:04:70:57:ad:01:07:d7:b3:ec:03:a5:beSigner

Signature Validations

Verification

03/05/2023, 12:04 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 867KB - Virtual size: 872KB

Size: 86KB - Virtual size: 138KB

.idata Size: 512B - Virtual size: 8KB

.rsrc Size: 139KB - Virtual size: 139KB

.themida Size: 3.5MB - Virtual size: 3.5MB

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

38:22:81:61:e5:5c:58:14:f6:21:ec:58:ca:1f:2b:42
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

a4:30:b1:e2:f4:0f:c6:f2:ed:66:38:04:c3:a2:7d:3a:fa:c0:f0:04:04:70:57:ad:01:07:d7:b3:ec:03:a5:be
Signer

03/05/2023, 12:04
Valid: true

.text
Size: 867KB - Virtual size: 872KB

.idata
Size: 512B - Virtual size: 8KB

.rsrc
Size: 139KB - Virtual size: 139KB

.themida
Size: 3.5MB - Virtual size: 3.5MB