52408a0fa4f11343923147fbd83de3ddd6fdbbb4893ce9518835a9e2b61a14dd

Sharing

Copy URL Twitter E-mail

General

Target

52408a0fa4f11343923147fbd83de3ddd6fdbbb4893ce9518835a9e2b61a14dd
Size

6.4MB
MD5

d10442a08c9a8a0c67f3e69408afaffb
SHA1

e9348fca88b0aa288d52e0b84322664b3ace8a4e
SHA256

52408a0fa4f11343923147fbd83de3ddd6fdbbb4893ce9518835a9e2b61a14dd
SHA512

2e23f820a6578210c8fd205478f7f98c3a21b27c43c2792d466cb2a23961a7f2a38c9245d511d37390312c0446e0b6e776f4fe1da1022fac22eccd5afab06015
SSDEEP

196608:RMz1ccg0L++AMW3iCqfQMwOzKZJons7b5mgQ1:SLcMHCqfQMuZJfb5Y1

Score

7^/10

vmprotect themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

52408a0fa4f11343923147fbd83de3ddd6fdbbb4893ce9518835a9e2b61a14dd
.exe windows:6 windows x86

f7f4fdfe1cbd1808e09ffc40b45c6b63

Code Sign

63:24:4d:30:d2:a1:4a:b4:4a:ad:bd:9a:36:e4:da:5a
Certificate

Issuer

CN=HDD Toshiba SATA-III 10Tb HDWG460EZSTA N300 (7200rpm) 4096Mb 2.5 Rtl

Not Before

10/12/2022, 12:00

Not After

11/12/2032, 12:00

Subject

CN=HDD Toshiba SATA-III 10Tb HDWG460EZSTA N300 (7200rpm) 4096Mb 2.5 Rtl

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8d:04:c8:f2:3f:14:82:0e:b6:d6:4e:c8:a9:a2:61:2e:ea:1e:9d:c5:66:22:cd:3e:ff:68:29:ee:9d:76:2d:97
Signer

Actual PE Digest

8d:04:c8:f2:3f:14:82:0e:b6:d6:4e:c8:a9:a2:61:2e:ea:1e:9d:c5:66:22:cd:3e:ff:68:29:ee:9d:76:2d:97

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SetClipboardData

advapi32

RegSetValueExA

shell32

ShellExecuteExW

ole32

CoTaskMemFree

Sections

Size: - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.7zip0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.7zip1
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.7zip2
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 770KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f7f4fdfe1cbd1808e09ffc40b45c6b63

Code Sign

63:24:4d:30:d2:a1:4a:b4:4a:ad:bd:9a:36:e4:da:5aCertificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8d:04:c8:f2:3f:14:82:0e:b6:d6:4e:c8:a9:a2:61:2e:ea:1e:9d:c5:66:22:cd:3e:ff:68:29:ee:9d:76:2d:97Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

Size: - Virtual size: 162KB

Size: - Virtual size: 67KB

Size: - Virtual size: 7KB

Size: - Virtual size: 1KB

Size: - Virtual size: 9KB

.imports Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 4KB

.themida Size: - Virtual size: 3.9MB

.boot Size: - Virtual size: 2.4MB

.vmp1 Size: - Virtual size: 1KB

.7zip0 Size: - Virtual size: 1.7MB

.7zip1 Size: 512B - Virtual size: 460B

.7zip2 Size: 6.3MB - Virtual size: 6.3MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 19KB - Virtual size: 770KB

63:24:4d:30:d2:a1:4a:b4:4a:ad:bd:9a:36:e4:da:5a
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8d:04:c8:f2:3f:14:82:0e:b6:d6:4e:c8:a9:a2:61:2e:ea:1e:9d:c5:66:22:cd:3e:ff:68:29:ee:9d:76:2d:97
Signer

.imports
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 3.9MB

.boot
Size: - Virtual size: 2.4MB

.vmp1
Size: - Virtual size: 1KB

.7zip0
Size: - Virtual size: 1.7MB

.7zip1
Size: 512B - Virtual size: 460B

.7zip2
Size: 6.3MB - Virtual size: 6.3MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 19KB - Virtual size: 770KB