d84b9a14d8294a4edccbfa7a7a764956e322b18f6527f37d83f6ccd9afc621c1

Sharing

Copy URL Twitter E-mail

General

Target

d84b9a14d8294a4edccbfa7a7a764956e322b18f6527f37d83f6ccd9afc621c1
Size

3.8MB
MD5

c7a0e31fd4370c45785409a1dc5d4113
SHA1

c71b1cf26aec68613a96e80f53c63592de90a1cd
SHA256

d84b9a14d8294a4edccbfa7a7a764956e322b18f6527f37d83f6ccd9afc621c1
SHA512

d44bfba0a04be174f7a0400863ab1c3f013257bca36b4de7b7c983fd747e989a1fcc4a06f365fc6065c01fea0ca8a8abe5b5e161c8af4ce2e541f6f40beff5f0
SSDEEP

98304:kk1MxZo9wmvAJYtlTv1OwP/0v7ND2sgihbqi/kDbM5FY:kk1Mno9v+Y/v113k7ND2sXhdgbmY

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

d84b9a14d8294a4edccbfa7a7a764956e322b18f6527f37d83f6ccd9afc621c1
.exe windows:6 windows x86 arch:x86

Code Sign

ff:0f:97:6b:8e:0c:6e:43:95:4e:57:88:87:89:28:6d
Certificate

Issuer

CN=Intel Core i5-13400 Raptor Lake-S LGA1700,OU=CM8071505093004S,O=OEM 10 X 2500,L={$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-,ST=Switzerland,C=SW

Not Before

07/10/2023, 06:29

Not After

17/02/2026, 00:00

Subject

CN=Intel Core i5-13400 Raptor Lake-S LGA1700,OU=CM8071505093004S,O=OEM 10 X 2500,L={$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-,ST=Switzerland,C=SW

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:f3:ec:84:3e:57:9f:3c:97:4d:19:44:41:38:89:dd:84:04:0f:b3:c1:de:40:e2:66:e7:3f:f0:48:39:2f:74
Signer

Actual PE Digest

7d:f3:ec:84:3e:57:9f:3c:97:4d:19:44:41:38:89:dd:84:04:0f:b3:c1:de:40:e2:66:e7:3f:f0:48:39:2f:74

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 87KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 29KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

ff:0f:97:6b:8e:0c:6e:43:95:4e:57:88:87:89:28:6dCertificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

7d:f3:ec:84:3e:57:9f:3c:97:4d:19:44:41:38:89:dd:84:04:0f:b3:c1:de:40:e2:66:e7:3f:f0:48:39:2f:74Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 87KB - Virtual size: 162KB

Size: 29KB - Virtual size: 67KB

Size: 1024B - Virtual size: 7KB

.rsrc Size: 62KB - Virtual size: 62KB

Size: 8KB - Virtual size: 9KB

.idata Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 5.5MB

.boot Size: 3.6MB - Virtual size: 3.6MB

ff:0f:97:6b:8e:0c:6e:43:95:4e:57:88:87:89:28:6d
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

7d:f3:ec:84:3e:57:9f:3c:97:4d:19:44:41:38:89:dd:84:04:0f:b3:c1:de:40:e2:66:e7:3f:f0:48:39:2f:74
Signer

.rsrc
Size: 62KB - Virtual size: 62KB

.idata
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 5.5MB

.boot
Size: 3.6MB - Virtual size: 3.6MB