3f7c25f61db18bb289ef719aa3f798043379cf63d36f54db37686df5ccf98ace

Sharing

Copy URL Twitter E-mail

General

Target

3f7c25f61db18bb289ef719aa3f798043379cf63d36f54db37686df5ccf98ace
Size

4.7MB
MD5

9a6ed01a04c072bd79b892021ca93eaa
SHA1

a38b209550ebe0a7b50fa8aebafae03d9aef0d36
SHA256

3f7c25f61db18bb289ef719aa3f798043379cf63d36f54db37686df5ccf98ace
SHA512

02740513ab920888611f07b211436fdf9786ba886813dd1f1c4158a6d01098bafe23a1cb2432b2f9388335a5dda65ae2c94339a35c63111693dd27224c944ce1
SSDEEP

98304:XNhz8Ba0ngHYrv9RuZLiTfhDTAySK1Vsb/RBUXbGDuGMmom5lY9E8Ea:78GH+TuLidxSwCRQGD+Y2H

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

3f7c25f61db18bb289ef719aa3f798043379cf63d36f54db37686df5ccf98ace
.exe windows:6 windows x86

98c4c1c436683099ce8dc886c2347885

Code Sign

63:24:4d:30:d2:a1:4a:b4:4a:ad:bd:9a:36:e4:da:5a
Certificate

Issuer

CN=HDD Toshiba SATA-III 10Tb HDWG460EZSTA N300 (7200rpm) 4096Mb 2.5 Rtl

Not Before

10/12/2022, 12:00

Not After

11/12/2032, 12:00

Subject

CN=HDD Toshiba SATA-III 10Tb HDWG460EZSTA N300 (7200rpm) 4096Mb 2.5 Rtl

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f0:4c:12:30:0b:63:7f:28:78:77:f8:ef:7d:63:55:bb:c2:6b:33:62:e0:87:39:6a:c6:2d:ff:85:34:55:ca:f4
Signer

Actual PE Digest

f0:4c:12:30:0b:63:7f:28:78:77:f8:ef:7d:63:55:bb:c2:6b:33:62:e0:87:39:6a:c6:2d:ff:85:34:55:ca:f4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SetClipboardData

advapi32

RegSetValueExA

shell32

ShellExecuteExW

ole32

CoTaskMemFree

Sections

Size: - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.‹¿/.
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.‹¿/.
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.**..--*
Size: - Virtual size: 974KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.**..--*
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.**..--*
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98c4c1c436683099ce8dc886c2347885

Code Sign

63:24:4d:30:d2:a1:4a:b4:4a:ad:bd:9a:36:e4:da:5aCertificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

f0:4c:12:30:0b:63:7f:28:78:77:f8:ef:7d:63:55:bb:c2:6b:33:62:e0:87:39:6a:c6:2d:ff:85:34:55:ca:f4Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

Size: - Virtual size: 162KB

Size: - Virtual size: 67KB

Size: - Virtual size: 7KB

Size: - Virtual size: 1KB

Size: - Virtual size: 9KB

.imports Size: - Virtual size: 4KB

.‹¿/. Size: - Virtual size: 4KB

.themida Size: - Virtual size: 3.9MB

.boot Size: - Virtual size: 2.3MB

.‹¿/. Size: - Virtual size: 1KB

.**..--* Size: - Virtual size: 974KB

.**..--* Size: 512B - Virtual size: 460B

.**..--* Size: 4.7MB - Virtual size: 4.7MB

.reloc Size: 7KB - Virtual size: 6KB

.rsrc Size: 14KB - Virtual size: 254KB

63:24:4d:30:d2:a1:4a:b4:4a:ad:bd:9a:36:e4:da:5a
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

f0:4c:12:30:0b:63:7f:28:78:77:f8:ef:7d:63:55:bb:c2:6b:33:62:e0:87:39:6a:c6:2d:ff:85:34:55:ca:f4
Signer

.imports
Size: - Virtual size: 4KB

.‹¿/.
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 3.9MB

.boot
Size: - Virtual size: 2.3MB

.‹¿/.
Size: - Virtual size: 1KB

.**..--*
Size: - Virtual size: 974KB

.**..--*
Size: 512B - Virtual size: 460B

.**..--*
Size: 4.7MB - Virtual size: 4.7MB

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 14KB - Virtual size: 254KB