195532c7fddb8fceb5d74f5569e99d15b18b4bc3639f9a697999fc68c87b63a8

Sharing

Copy URL Twitter E-mail

General

Target

195532c7fddb8fceb5d74f5569e99d15b18b4bc3639f9a697999fc68c87b63a8
Size

4.1MB
MD5

5a6518c469b1620cbcee6684190706df
SHA1

810d3119351f1cfa45bdd1ab8f9967652916e235
SHA256

195532c7fddb8fceb5d74f5569e99d15b18b4bc3639f9a697999fc68c87b63a8
SHA512

2630311d39cf1732e7a19fe450a049dbe7f783118b228476810e35c6e6d5bbc1ee2e4653146af7cce3df524807d96b482461dadf97fd26a578d442183428fd04
SSDEEP

98304:+dkmQ8ETK1EUuu6PLLEsdZ0hGTR60xAThGu/zTQ9cOKm0:+PQ88K6U/6/EsIhGAhGMUPKH

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

195532c7fddb8fceb5d74f5569e99d15b18b4bc3639f9a697999fc68c87b63a8
.exe windows:6 windows x86 arch:x86

98c4c1c436683099ce8dc886c2347885

Code Sign

4e:04:2c:42:f9:de:68:8e:4a:6f:c2:f8:41:40:d4:f9
Certificate

Issuer

CN=Logitech H153 Wired Headset Black 2.0 overhead 20 Hz - 20000 Hz 22Ω corded cable - 1.8 m

Not Before

23/11/2023, 09:28

Not After

24/11/2033, 09:28

Subject

CN=Logitech H153 Wired Headset Black 2.0 overhead 20 Hz - 20000 Hz 22Ω corded cable - 1.8 m

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c1:46:2c:83:88:5d:43:82:bb:ca:5e:7c:79:8c:44:53:43:eb:50:91:f6:b4:36:7c:0e:87:96:2d:02:a2:ca:d8
Signer

Actual PE Digest

c1:46:2c:83:88:5d:43:82:bb:ca:5e:7c:79:8c:44:53:43:eb:50:91:f6:b4:36:7c:0e:87:96:2d:02:a2:ca:d8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SetClipboardData

advapi32

RegSetValueExA

shell32

ShellExecuteExW

ole32

CoTaskMemFree

Sections

Size: - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.he&°º
Size: - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.V[V°º
Size: - Virtual size: 868KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uCl°º
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.|Fi°º
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98c4c1c436683099ce8dc886c2347885

Code Sign

4e:04:2c:42:f9:de:68:8e:4a:6f:c2:f8:41:40:d4:f9Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

c1:46:2c:83:88:5d:43:82:bb:ca:5e:7c:79:8c:44:53:43:eb:50:91:f6:b4:36:7c:0e:87:96:2d:02:a2:ca:d8Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

Size: - Virtual size: 162KB

Size: - Virtual size: 67KB

Size: - Virtual size: 7KB

Size: - Virtual size: 141KB

Size: - Virtual size: 9KB

.idata Size: - Virtual size: 4KB

.he&°º Size: - Virtual size: 91KB

.themida Size: - Virtual size: 3.9MB

.boot Size: - Virtual size: 1.6MB

.V[V°º Size: - Virtual size: 868KB

.uCl°º Size: 512B - Virtual size: 460B

.|Fi°º Size: 4.0MB - Virtual size: 4.0MB

.reloc Size: 7KB - Virtual size: 6KB

.rsrc Size: 91KB - Virtual size: 90KB

4e:04:2c:42:f9:de:68:8e:4a:6f:c2:f8:41:40:d4:f9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

c1:46:2c:83:88:5d:43:82:bb:ca:5e:7c:79:8c:44:53:43:eb:50:91:f6:b4:36:7c:0e:87:96:2d:02:a2:ca:d8
Signer

.idata
Size: - Virtual size: 4KB

.he&°º
Size: - Virtual size: 91KB

.themida
Size: - Virtual size: 3.9MB

.boot
Size: - Virtual size: 1.6MB

.V[V°º
Size: - Virtual size: 868KB

.uCl°º
Size: 512B - Virtual size: 460B

.|Fi°º
Size: 4.0MB - Virtual size: 4.0MB

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 91KB - Virtual size: 90KB