09d4353ca6385fc532f2bab2c83591fa5adca81d19088980824e92bd57465422

Sharing

Copy URL Twitter E-mail

General

Target

09d4353ca6385fc532f2bab2c83591fa5adca81d19088980824e92bd57465422
Size

5.0MB
MD5

6413f71b47ad1ef5eaf277cc93e04e08
SHA1

8d01457762bb6460c868aea74cb4161812ef7356
SHA256

09d4353ca6385fc532f2bab2c83591fa5adca81d19088980824e92bd57465422
SHA512

50b0144cd915d58198d02b7f0d208ac06490de9f85004f575ef5448b661b7e6a1cb85990a66e5851ac4e4dff1bf25a2ddf66a2732e1fa24bc695cd791dc2814e
SSDEEP

98304:T/LX7Se9+yEwJEknjmRlKel3DIluW4WY+6J10ORKjn6BV:TTfzJEeMyd4W1630SKjOV

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

09d4353ca6385fc532f2bab2c83591fa5adca81d19088980824e92bd57465422
.exe windows x64

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:22:81:61:e5:5c:58:14:f6:21:ec:58:ca:1f:2b:42
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

30/06/2020, 05:46

Not After

30/06/2023, 05:46

Subject

CN=Asseco Business Solutions S.A.,OU=CPD-Lublin,O=Asseco Business Solutions S.A.,L=Lublin,ST=lubelskie,C=PL,1.2.840.113549.1.9.1=#0c1a6461746163656e7465722e6c75624061737365636f62732e706c

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fd:44:f8:e7:9f:a9:30:1b:63:0f:95:1f:10:1c:d8:19:e6:4a:8f:e8:5c:7c:d7:58:e9:9b:1d:86:e8:13:73:13
Signer

Actual PE Digest

fd:44:f8:e7:9f:a9:30:1b:63:0f:95:1f:10:1c:d8:19:e6:4a:8f:e8:5c:7c:d7:58:e9:9b:1d:86:e8:13:73:13

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Asseco Business Solutions S.A.,OU=CPD-Lublin,O=Asseco Business Solutions S.A.,L=Lublin,ST=lubelskie,C=PL,1.2.840.113549.1.9.1=#0c1a6461746163656e7465722e6c75624061737365636f62732e706c

03/05/2023, 12:04
Valid: true

Chain 1

CN=Asseco Business Solutions S.A.,OU=CPD-Lublin,O=Asseco Business Solutions S.A.,L=Lublin,ST=lubelskie,C=PL,1.2.840.113549.1.9.1=#0c1a6461746163656e7465722e6c75624061737365636f62732e706c

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 578KB - Virtual size: 584KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 55KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

38:22:81:61:e5:5c:58:14:f6:21:ec:58:ca:1f:2b:42Certificate

Extended Key Usages

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

fd:44:f8:e7:9f:a9:30:1b:63:0f:95:1f:10:1c:d8:19:e6:4a:8f:e8:5c:7c:d7:58:e9:9b:1d:86:e8:13:73:13Signer

Signature Validations

Verification

03/05/2023, 12:04 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 578KB - Virtual size: 584KB

Size: 55KB - Virtual size: 114KB

.idata Size: 512B - Virtual size: 8KB

.rsrc Size: 114KB - Virtual size: 114KB

.themida Size: 4.3MB - Virtual size: 4.3MB

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

38:22:81:61:e5:5c:58:14:f6:21:ec:58:ca:1f:2b:42
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

fd:44:f8:e7:9f:a9:30:1b:63:0f:95:1f:10:1c:d8:19:e6:4a:8f:e8:5c:7c:d7:58:e9:9b:1d:86:e8:13:73:13
Signer

03/05/2023, 12:04
Valid: true

.text
Size: 578KB - Virtual size: 584KB

.idata
Size: 512B - Virtual size: 8KB

.rsrc
Size: 114KB - Virtual size: 114KB

.themida
Size: 4.3MB - Virtual size: 4.3MB