2b54ccc44e89581b1005e8b6f24a7822

Sharing

Copy URL

Twitter E-mail

General

Target

2b54ccc44e89581b1005e8b6f24a7822
Size

4.6MB
MD5

2b54ccc44e89581b1005e8b6f24a7822
SHA1

d7de533078a3d1204e1a0c9440501928e0cf1285
SHA256

aef5c612c2920526ea0ccc636e689417885c2dfb17793de9a259d6ced6fdd7cc
SHA512

c8e1bf41b5dfe40bbf39cc534099c5224851ba8b97f545262eac0790c3cc3bcc7c1d381e6f95c4c2884d3979e1ee8e51b615adc182a726d591c5eeefec5ad120
SSDEEP

98304:8egQ59+/2UJtuHRTcJ1VzRasOnSDyE8m9j1EB+:KU+OdTejOSDyu2s

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

2b54ccc44e89581b1005e8b6f24a7822
.exe windows:4 windows x64 arch:x64

Code Sign

66:39:0f:c1:77:86:d4:a3:42:f0:ee:89:99:6d:65:22
Certificate

Issuer

CN=Logitech Z-906

Not Before

03-07-2021 10:07

Not After

04-07-2031 10:07

Subject

CN=Logitech Z-906

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

97:cc:5f:9e:0e:44:ae:44:43:89:01:dd:dc:88:09:cd:88:e2:37:46:72:1c:fe:42:d7:e6:39:04:8b:c6:0a:d4
Signer

Actual PE Digest

97:cc:5f:9e:0e:44:ae:44:43:89:01:dd:dc:88:09:cd:88:e2:37:46:72:1c:fe:42:d7:e6:39:04:8b:c6:0a:d4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 256KB - Virtual size: 632KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

66:39:0f:c1:77:86:d4:a3:42:f0:ee:89:99:6d:65:22Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

97:cc:5f:9e:0e:44:ae:44:43:89:01:dd:dc:88:09:cd:88:e2:37:46:72:1c:fe:42:d7:e6:39:04:8b:c6:0a:d4Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 256KB - Virtual size: 632KB

Size: 1.2MB - Virtual size: 1.2MB

.idata Size: 512B - Virtual size: 8KB

.rsrc Size: 127KB - Virtual size: 127KB

.themida Size: - Virtual size: 6.8MB

.boot Size: 3.1MB - Virtual size: 3.1MB

66:39:0f:c1:77:86:d4:a3:42:f0:ee:89:99:6d:65:22
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

97:cc:5f:9e:0e:44:ae:44:43:89:01:dd:dc:88:09:cd:88:e2:37:46:72:1c:fe:42:d7:e6:39:04:8b:c6:0a:d4
Signer

.idata
Size: 512B - Virtual size: 8KB

.rsrc
Size: 127KB - Virtual size: 127KB

.themida
Size: - Virtual size: 6.8MB

.boot
Size: 3.1MB - Virtual size: 3.1MB