new64[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

new64.dll
Size

3.7MB
MD5

0168ca4a89a13c8b48f97edcd8c32165
SHA1

8f7c8396abe6dc8cf3d96dcefdcb208bebdc2852
SHA256

10f2b39f63da35827e667f29e2b69524079e06e454160dee4c28636fffcce199
SHA512

c6e273f86f177d8b6b45de6b1969e8e88a708a1f86dc318f870cf6c011fd275503aeba5ab8e37dda85a407449c2ca0921bc9b3b586ab43f8afda946f481119ed
SSDEEP

49152:jjjH4ZOXhVNeJBCDRTJ+j6ErUCBOU9EUSqVLsGC8egyQVTlFvqCBfZKQO9NPe5Ie:l8BcNYjnJLnC8egyQVPNZwL

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

new64.dll
.dll windows x64

Code Sign

2f:9f:c7:74:55:ee:16:86:4e:ad:c1:ad:0a:5f:5a:0c
Certificate

Issuer

CN=Split system (inverter) Electrolux EACS/I-09HAR_A/N3_21Y

Not Before

28-06-2023 10:05

Not After

29-06-2033 10:05

Subject

CN=Split system (inverter) Electrolux EACS/I-09HAR_A/N3_21Y

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

95:74:f4:f7:61:5e:7b:a6:6b:6b:b1:ce:e5:fc:6a:62:77:8e:20:74:4a:91:f5:8e:0d:fa:52:94:bd:d8:4b:7f
Signer

Actual PE Digest

95:74:f4:f7:61:5e:7b:a6:6b:6b:b1:ce:e5:fc:6a:62:77:8e:20:74:4a:91:f5:8e:0d:fa:52:94:bd:d8:4b:7f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

rundll

Sections

Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 595B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

2f:9f:c7:74:55:ee:16:86:4e:ad:c1:ad:0a:5f:5a:0cCertificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

95:74:f4:f7:61:5e:7b:a6:6b:6b:b1:ce:e5:fc:6a:62:77:8e:20:74:4a:91:f5:8e:0d:fa:52:94:bd:d8:4b:7fSigner

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 5KB - Virtual size: 11KB

Size: 512B - Virtual size: 2KB

Size: 512B - Virtual size: 595B

Size: 512B - Virtual size: 432B

Size: 2KB - Virtual size: 7KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.themida Size: 3.7MB - Virtual size: 3.7MB

2f:9f:c7:74:55:ee:16:86:4e:ad:c1:ad:0a:5f:5a:0c
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

95:74:f4:f7:61:5e:7b:a6:6b:6b:b1:ce:e5:fc:6a:62:77:8e:20:74:4a:91:f5:8e:0d:fa:52:94:bd:d8:4b:7f
Signer

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.themida
Size: 3.7MB - Virtual size: 3.7MB