6b74b7a3dc031c27279af7a9ae6a1dd9eee793a1ad48a577b1f96ced99f6a8b5

Sharing

Copy URL Twitter E-mail

General

Target

6b74b7a3dc031c27279af7a9ae6a1dd9eee793a1ad48a577b1f96ced99f6a8b5
Size

2.2MB
MD5

9ea4455de8ef7f7a7542fab9a37020a4
SHA1

30ae709246c915b1b24404044f1cc2f7db5821a0
SHA256

6b74b7a3dc031c27279af7a9ae6a1dd9eee793a1ad48a577b1f96ced99f6a8b5
SHA512

50df729da6f838b7c0897ebbac132592c54e10ac9ac7ba1dd2cf743615c9092d2ca0e04738e136652f85035c543580469d9de7e1a674cb7da6059612276e1794
SSDEEP

49152:HM864hpl6/xzfnZHKEI92BtxHWfq7918JgFOwZk4:s81pg+EIYBtZWfq7918exB

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

6b74b7a3dc031c27279af7a9ae6a1dd9eee793a1ad48a577b1f96ced99f6a8b5
.exe windows:6 windows x86 arch:x86

Code Sign

ff:0f:97:6b:8e:0c:6e:43:95:4e:57:88:87:89:28:6d
Certificate

Issuer

CN=Intel Core i5-13400 Raptor Lake-S LGA1700,OU=CM8071505093004S,O=OEM 10 X 2500,L={$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-,ST=Switzerland,C=SW

Not Before

07/10/2023, 06:29

Not After

17/02/2026, 00:00

Subject

CN=Intel Core i5-13400 Raptor Lake-S LGA1700,OU=CM8071505093004S,O=OEM 10 X 2500,L={$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-{$~!}-,ST=Switzerland,C=SW

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

be:72:b1:54:18:c8:19:71:a2:de:45:17:49:83:ed:09:7c:60:b6:ba:e8:e6:c8:a6:3b:42:3d:5a:63:b2:fd:19
Signer

Actual PE Digest

be:72:b1:54:18:c8:19:71:a2:de:45:17:49:83:ed:09:7c:60:b6:ba:e8:e6:c8:a6:3b:42:3d:5a:63:b2:fd:19

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 137KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 21KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

ff:0f:97:6b:8e:0c:6e:43:95:4e:57:88:87:89:28:6dCertificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

be:72:b1:54:18:c8:19:71:a2:de:45:17:49:83:ed:09:7c:60:b6:ba:e8:e6:c8:a6:3b:42:3d:5a:63:b2:fd:19Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 137KB - Virtual size: 314KB

Size: 21KB - Virtual size: 69KB

Size: 2KB - Virtual size: 17KB

Size: 5KB - Virtual size: 27KB

Size: 11KB - Virtual size: 19KB

.idata Size: 512B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 5KB - Virtual size: 5KB

.themida Size: - Virtual size: 4.5MB

.boot Size: 2.0MB - Virtual size: 2.0MB

.reloc Size: 16B - Virtual size: 4KB

ff:0f:97:6b:8e:0c:6e:43:95:4e:57:88:87:89:28:6d
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

be:72:b1:54:18:c8:19:71:a2:de:45:17:49:83:ed:09:7c:60:b6:ba:e8:e6:c8:a6:3b:42:3d:5a:63:b2:fd:19
Signer

.idata
Size: 512B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 5KB - Virtual size: 5KB

.themida
Size: - Virtual size: 4.5MB

.boot
Size: 2.0MB - Virtual size: 2.0MB

.reloc
Size: 16B - Virtual size: 4KB