8c4168ad1af64b1fd3665f0100824a1a74dfd629e417f14211018ab65a39f2d7

Sharing

Copy URL Twitter E-mail

General

Target

8c4168ad1af64b1fd3665f0100824a1a74dfd629e417f14211018ab65a39f2d7
Size

5.4MB
MD5

6a5c271e8d094fff13789b60ee86d17e
SHA1

09b67cecb0d6a33c5b76341ada1324dc293d772c
SHA256

8c4168ad1af64b1fd3665f0100824a1a74dfd629e417f14211018ab65a39f2d7
SHA512

615aefdf209a5420c9bb1f1e5e18659671d5ec8e34aece77652ce683f6abc031945caccf775a17d1b6af445e1da7070a2b9a8386a99e8aa60890776293c0278b
SSDEEP

98304:dQrNSmFxtvhcJF9Z2qRBThMKOx9B0mygI7kYJLifZ7vWZHu+K5tmbzVb+a0xTXsp:2cwvhcF9Z2qRBThMKmmgI7hpiBvr+MIj

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

8c4168ad1af64b1fd3665f0100824a1a74dfd629e417f14211018ab65a39f2d7
.exe windows:6 windows x86 arch:x86

98c4c1c436683099ce8dc886c2347885

Code Sign

67:6e:20:ee:07:fc:c9:49:aa:7e:95:78:32:b7:bd:ab
Certificate

Issuer

CN=ActiveReports RDF document API,OU=Active,O=GrapeCity Inc. All rights reserved,ST=CH,C=CH

Not Before

10/12/2023, 16:06

Not After

10/09/2025, 00:00

Subject

CN=ActiveReports RDF document API,OU=Active,O=GrapeCity Inc. All rights reserved,ST=CH,C=CH

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ed:f5:c3:49:5b:98:7c:5f:f8:fe:c5:d1:e7:a4:d7:be:63:26:9e:cf:d8:4e:15:03:5b:3f:da:b1:e7:84:17:fc
Signer

Actual PE Digest

ed:f5:c3:49:5b:98:7c:5f:f8:fe:c5:d1:e7:a4:d7:be:63:26:9e:cf:d8:4e:15:03:5b:3f:da:b1:e7:84:17:fc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SetClipboardData

advapi32

RegSetValueExA

shell32

ShellExecuteExW

ole32

CoTaskMemFree

Sections

Size: - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp…{
Size: - Virtual size: 952KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp…Q
Size: - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp…'
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp…&
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 171KB - Virtual size: 952KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98c4c1c436683099ce8dc886c2347885

Code Sign

67:6e:20:ee:07:fc:c9:49:aa:7e:95:78:32:b7:bd:abCertificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

ed:f5:c3:49:5b:98:7c:5f:f8:fe:c5:d1:e7:a4:d7:be:63:26:9e:cf:d8:4e:15:03:5b:3f:da:b1:e7:84:17:fcSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

Size: - Virtual size: 162KB

Size: - Virtual size: 67KB

Size: - Virtual size: 7KB

.vmp…{ Size: - Virtual size: 952KB

Size: - Virtual size: 9KB

.idata Size: - Virtual size: 4KB

.themida Size: - Virtual size: 4.5MB

.boot Size: - Virtual size: 2.3MB

.vmp…Q Size: - Virtual size: 266KB

.vmp…' Size: 512B - Virtual size: 460B

.vmp…& Size: 5.2MB - Virtual size: 5.2MB

.reloc Size: 7KB - Virtual size: 6KB

.rsrc Size: 171KB - Virtual size: 952KB

67:6e:20:ee:07:fc:c9:49:aa:7e:95:78:32:b7:bd:ab
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

ed:f5:c3:49:5b:98:7c:5f:f8:fe:c5:d1:e7:a4:d7:be:63:26:9e:cf:d8:4e:15:03:5b:3f:da:b1:e7:84:17:fc
Signer

.vmp…{
Size: - Virtual size: 952KB

.idata
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 4.5MB

.boot
Size: - Virtual size: 2.3MB

.vmp…Q
Size: - Virtual size: 266KB

.vmp…'
Size: 512B - Virtual size: 460B

.vmp…&
Size: 5.2MB - Virtual size: 5.2MB

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 171KB - Virtual size: 952KB