file | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file
Size

4.3MB
MD5

2f654b370330b37d971f4bf2bcda59da
SHA1

686e143695e6ad4c607c8c266f82dbc8720a7c1e
SHA256

151d20c23d21ac2aedd5015e1cbc69f6e39bd81f35f5dd4ff4d8ce810aead0a3
SHA512

1868a5d7189cbd62789383a75e27d46e3e9fe4cd27cf39ab2335368d45b9114761c7b49e2a80b48aafce4378bd20fcf5b3a5daedb909167c89be2b31ab52db71
SSDEEP

49152:Y+dV4FTqVizuoGC9ZBcFLRLuimM0CYwMJiDixNv/O2FprKn7QZGx8Jh:Y+ovaooFLRywM0DO/O2/rk7QZ

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

file
.exe windows x64

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:22:81:61:e5:5c:58:14:f6:21:ec:58:ca:1f:2b:42
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

30/06/2020, 05:46

Not After

30/06/2023, 05:46

Subject

CN=Asseco Business Solutions S.A.,OU=CPD-Lublin,O=Asseco Business Solutions S.A.,L=Lublin,ST=lubelskie,C=PL,1.2.840.113549.1.9.1=#0c1a6461746163656e7465722e6c75624061737365636f62732e706c

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:e2:b3:ed:e6:f2:e7:fd:1b:42:80:d6:76:38:d0:2f:ca:1c:52:5f:01:cc:1a:85:fd:fd:4d:0e:fe:ac:36:9f
Signer

Actual PE Digest

75:e2:b3:ed:e6:f2:e7:fd:1b:42:80:d6:76:38:d0:2f:ca:1c:52:5f:01:cc:1a:85:fd:fd:4d:0e:fe:ac:36:9f

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Asseco Business Solutions S.A.,OU=CPD-Lublin,O=Asseco Business Solutions S.A.,L=Lublin,ST=lubelskie,C=PL,1.2.840.113549.1.9.1=#0c1a6461746163656e7465722e6c75624061737365636f62732e706c

03/05/2023, 12:04
Valid: true

Chain 1

CN=Asseco Business Solutions S.A.,OU=CPD-Lublin,O=Asseco Business Solutions S.A.,L=Lublin,ST=lubelskie,C=PL,1.2.840.113549.1.9.1=#0c1a6461746163656e7465722e6c75624061737365636f62732e706c

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 621KB - Virtual size: 624KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 70KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

38:22:81:61:e5:5c:58:14:f6:21:ec:58:ca:1f:2b:42Certificate

Extended Key Usages

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

75:e2:b3:ed:e6:f2:e7:fd:1b:42:80:d6:76:38:d0:2f:ca:1c:52:5f:01:cc:1a:85:fd:fd:4d:0e:fe:ac:36:9fSigner

Signature Validations

Verification

03/05/2023, 12:04 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 621KB - Virtual size: 624KB

Size: 70KB - Virtual size: 127KB

.idata Size: 512B - Virtual size: 8KB

.rsrc Size: 127KB - Virtual size: 127KB

.themida Size: 3.5MB - Virtual size: 3.5MB

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

38:22:81:61:e5:5c:58:14:f6:21:ec:58:ca:1f:2b:42
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

75:e2:b3:ed:e6:f2:e7:fd:1b:42:80:d6:76:38:d0:2f:ca:1c:52:5f:01:cc:1a:85:fd:fd:4d:0e:fe:ac:36:9f
Signer

03/05/2023, 12:04
Valid: true

.text
Size: 621KB - Virtual size: 624KB

.idata
Size: 512B - Virtual size: 8KB

.rsrc
Size: 127KB - Virtual size: 127KB

.themida
Size: 3.5MB - Virtual size: 3.5MB