dcfe1a4e929fd6143d499a237472374f

Sharing

Copy URL Twitter E-mail

General

Target

dcfe1a4e929fd6143d499a237472374f
Size

3.6MB
MD5

dcfe1a4e929fd6143d499a237472374f
SHA1

364a43aad623ce61b8372c19beec5e1d4fd874f4
SHA256

1b80f5d443095b70ae619563d6819ccd16e0961589cc6d2155a1d498a63fa146
SHA512

7602cf550cc2472f1c4eaf98ba53bd9f7e294e2b3a9578057c9446151735a229dda05b3f62cf8950c726bf53312cab0b433f8e5aa48a4b8a5fa6552605cf85e1
SSDEEP

49152:khrr+MvsnIISwKrw6PWrMX7c2zF8DWviO1w4z+Cqd6Rxiv3E/pbh3jvIAt:2rr+MvgIk47Prp+yvAc+6xmE/p5bPt

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

dcfe1a4e929fd6143d499a237472374f
.exe windows:4 windows x86 arch:x86

Code Sign

5f:f8:31:2e:4d:59:13:a0:40:90:3d:f1:5b:88:9f:9e
Certificate

Issuer

CN=FeiYu Tech AK2000

Not Before

06/09/2021, 10:23

Not After

07/09/2031, 10:23

Subject

CN=FeiYu Tech AK2000

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:b8:5a:ba:d8:70:08:05:d9:61:e5:09:93:02:27:2c:56:17:b5:b5:e4:b6:ce:0a:bb:c9:24:92:7e:e0:c6:57
Signer

Actual PE Digest

33:b8:5a:ba:d8:70:08:05:d9:61:e5:09:93:02:27:2c:56:17:b5:b5:e4:b6:ce:0a:bb:c9:24:92:7e:e0:c6:57

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 90KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

5f:f8:31:2e:4d:59:13:a0:40:90:3d:f1:5b:88:9f:9eCertificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

33:b8:5a:ba:d8:70:08:05:d9:61:e5:09:93:02:27:2c:56:17:b5:b5:e4:b6:ce:0a:bb:c9:24:92:7e:e0:c6:57Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 90KB - Virtual size: 192KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

.themida Size: - Virtual size: 3.9MB

.boot Size: 2.3MB - Virtual size: 2.3MB

5f:f8:31:2e:4d:59:13:a0:40:90:3d:f1:5b:88:9f:9e
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

33:b8:5a:ba:d8:70:08:05:d9:61:e5:09:93:02:27:2c:56:17:b5:b5:e4:b6:ce:0a:bb:c9:24:92:7e:e0:c6:57
Signer

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.idata
Size: 512B - Virtual size: 8KB

.themida
Size: - Virtual size: 3.9MB

.boot
Size: 2.3MB - Virtual size: 2.3MB