8f0c2afc66b09aa798fe3df61318d8ba62d9ce20b14930ee67c93d85fe8cde4c

Sharing

Copy URL Twitter E-mail

General

Target

8f0c2afc66b09aa798fe3df61318d8ba62d9ce20b14930ee67c93d85fe8cde4c
Size

6.3MB
MD5

15f20b77c1f869d39849806cd8361351
SHA1

cf18d1a7bb189a2162a44c5ea55eacf967fec217
SHA256

8f0c2afc66b09aa798fe3df61318d8ba62d9ce20b14930ee67c93d85fe8cde4c
SHA512

997a6491b4e7e19e7979540f686e8effe3af46dc38c50cd006f691dd4e8aa94a86a692ef98ae2d4b38da419e4b63adf8bcbea314b3dc7db655ec3b9fa8ed8cbe
SSDEEP

196608:hGnZcgZBORkcwjlRre70tl3Q5U+UhkZ8YR:YJKRkZjlRKwrgTUhmR

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

8f0c2afc66b09aa798fe3df61318d8ba62d9ce20b14930ee67c93d85fe8cde4c
.dll windows:5 windows x64

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e3:21:4c:81:33:95:40:a3:80:4f:ca:65:6f:5a:ea:7d
Certificate

Issuer

CN=Sex Shop SRL,OU=Ownership,O=Sex Shop L45,POSTALCODE=48273,STREET=Rathas G45,L=Berlin,ST=Berlin,C=DE,1.2.840.113549.1.9.1=#0c1961646d696e697374726174696f6e407061727365632e6e6574

Not Before

03/06/2022, 00:00

Not After

04/07/2024, 23:59

Subject

CN=Sex Shop SRL,OU=Ownership,O=Sex Shop L45,POSTALCODE=48273,STREET=Rathas G45,L=Berlin,ST=Berlin,C=DE,1.2.840.113549.1.9.1=#0c1961646d696e697374726174696f6e407061727365632e6e6574

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

db:bf:6a:7a:15:e3:51:cf:7b:09:48:39:db:e1:80:25:8e:16:74:21
Signer

Actual PE Digest

db:bf:6a:7a:15:e3:51:cf:7b:09:48:39:db:e1:80:25:8e:16:74:21

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

DD_btn
DD_key
DD_mov
DD_movR
DD_str
DD_todc
DD_whl

Sections

Size: 726KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 121KB - Virtual size: 524KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 42KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 6B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 620KB - Virtual size: 620KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 475KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.exports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

e3:21:4c:81:33:95:40:a3:80:4f:ca:65:6f:5a:ea:7dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

db:bf:6a:7a:15:e3:51:cf:7b:09:48:39:db:e1:80:25:8e:16:74:21Signer

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 726KB - Virtual size: 1.4MB

Size: 121KB - Virtual size: 524KB

Size: 8KB - Virtual size: 85KB

Size: 42KB - Virtual size: 74KB

text Size: 3KB - Virtual size: 2KB

Size: 1KB - Virtual size: 1KB

Size: 6B - Virtual size: 4B

Size: 620KB - Virtual size: 620KB

Size: 475KB - Virtual size: 1.6MB

.exports Size: 512B - Virtual size: 4KB

.imports Size: 1KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.themida Size: - Virtual size: 6.2MB

.boot Size: 3.7MB - Virtual size: 3.7MB

.taggant Size: 8KB - Virtual size: 8KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

e3:21:4c:81:33:95:40:a3:80:4f:ca:65:6f:5a:ea:7d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

db:bf:6a:7a:15:e3:51:cf:7b:09:48:39:db:e1:80:25:8e:16:74:21
Signer

text
Size: 3KB - Virtual size: 2KB

.exports
Size: 512B - Virtual size: 4KB

.imports
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.themida
Size: - Virtual size: 6.2MB

.boot
Size: 3.7MB - Virtual size: 3.7MB

.taggant
Size: 8KB - Virtual size: 8KB