09d83c47610228fcfa9ac97cddd492fe

Sharing

Copy URL Twitter E-mail

General

Target

09d83c47610228fcfa9ac97cddd492fe
Size

5.9MB
MD5

09d83c47610228fcfa9ac97cddd492fe
SHA1

fc63d772dfbf7cde2323f39fadcafbae86894c6a
SHA256

3d6a3c3b0bfcd73cb4a07aabfdc5a915b7bc38c835cf5d87b724bc5aa7704653
SHA512

2b6e85774a56c58e5ce133406924e38d6b4de8fffd5a46b27813cf738b69a28c877f440a863217fa6983813353a54798b608b1db1f95375ddf4a19e82be2a940
SSDEEP

98304:zHnsPm6NnBOVLoSWn2wYkCRbZJ1Q9NEkiMsM:zHnomonIoj2uCRb1Spi3M

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

09d83c47610228fcfa9ac97cddd492fe
.exe windows:4 windows x64 arch:x64

Code Sign

10:6c:31:52:1b:fe:44:ac:4b:2c:01:49:df:98:c8:56
Certificate

Issuer

CN=Nikon Speedlight SB-5000

Not Before

24/07/2021, 15:28

Not After

25/07/2031, 15:28

Subject

CN=Nikon Speedlight SB-5000

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a3:b9:16:c5:7e:12:75:47:19:7a:8f:87:f1:2b:6a:b5:34:fa:0d:d9:41:62:3d:b6:b3:66:d7:a0:ee:df:77:bd
Signer

Actual PE Digest

a3:b9:16:c5:7e:12:75:47:19:7a:8f:87:f1:2b:6a:b5:34:fa:0d:d9:41:62:3d:b6:b3:66:d7:a0:ee:df:77:bd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 415KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vm_sec
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

▪️GO
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.themida
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

10:6c:31:52:1b:fe:44:ac:4b:2c:01:49:df:98:c8:56Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

a3:b9:16:c5:7e:12:75:47:19:7a:8f:87:f1:2b:6a:b5:34:fa:0d:d9:41:62:3d:b6:b3:66:d7:a0:ee:df:77:bdSigner

Headers

DLL Characteristics

File Characteristics

Sections

Size: 415KB - Virtual size: 1.0MB

Size: 1.1MB - Virtual size: 1.1MB

.vm_sec Size: 32KB - Virtual size: 32KB

.idata Size: 512B - Virtual size: 8KB

▪️GO Size: 14KB - Virtual size: 14KB

.themida Size: 4.3MB - Virtual size: 4.3MB

.rsrc Size: 14KB - Virtual size: 14KB

10:6c:31:52:1b:fe:44:ac:4b:2c:01:49:df:98:c8:56
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

a3:b9:16:c5:7e:12:75:47:19:7a:8f:87:f1:2b:6a:b5:34:fa:0d:d9:41:62:3d:b6:b3:66:d7:a0:ee:df:77:bd
Signer

.vm_sec
Size: 32KB - Virtual size: 32KB

.idata
Size: 512B - Virtual size: 8KB

▪️GO
Size: 14KB - Virtual size: 14KB

.themida
Size: 4.3MB - Virtual size: 4.3MB

.rsrc
Size: 14KB - Virtual size: 14KB