047bad573313d7f2c9e206c302bf3535

Sharing

Copy URL Twitter E-mail

General

Target

047bad573313d7f2c9e206c302bf3535
Size

3.8MB
MD5

047bad573313d7f2c9e206c302bf3535
SHA1

a9719ac5e45216753b020a337d94cbae9a92d50c
SHA256

465fbcaf8a5db7627900294e1fad0c8fa97d57d10a2dac2063343ddbdc048296
SHA512

963ca6c7b4a1c0993e29b4a4f632d1ec6d3579a224b7264b78cec0d249dd4034004308aee9f3ed1e73618ac4c68ab46f7cbcebab0126adab118f39a4058ac1df
SSDEEP

98304:oGLTSynvVAdxxyxbXtcnherPiYizmJ4B5SRuV6FSp2U:oG6yvIyXtKerqYJgV6FI

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

047bad573313d7f2c9e206c302bf3535
.exe .ps1 windows:4 windows x86 arch:x86 polyglot

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:e4:2a:50:6f:43:8b:11:62:77:58:de:3e:70:dd:f3
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

27/01/2017, 13:38

Not After

27/01/2018, 13:38

Subject

CN=Open Source Developer\, Oliver Valencia,O=Open Source Developer,C=DE,1.2.840.113549.1.9.1=#0c216b65726265726f733030324075736572732e736f75726365666f7267652e6e6574

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:e4:2a:50:6f:43:8b:11:62:77:58:de:3e:70:dd:f3
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

27/01/2017, 13:38

Not After

27/01/2018, 13:38

Subject

CN=Open Source Developer\, Oliver Valencia,O=Open Source Developer,C=DE,1.2.840.113549.1.9.1=#0c216b65726265726f733030324075736572732e736f75726365666f7267652e6e6574

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c1:27:bc:eb:7c:15:20:e6:61:b7:4d:f9:d4:e9:5c:c7:d8:ee:08:c5:b5:42:d7:6d:66:72:cf:ae:6b:4a:99:c6
Signer

Actual PE Digest

c1:27:bc:eb:7c:15:20:e6:61:b7:4d:f9:d4:e9:5c:c7:d8:ee:08:c5:b5:42:d7:6d:66:72:cf:ae:6b:4a:99:c6

Digest Algorithm

sha256

PE Digest Matches

false

9d:36:60:0f:75:26:ef:5e:a9:ec:1e:a0:55:5b:c1:77:d3:48:ab:bd
Signer

Actual PE Digest

9d:36:60:0f:75:26:ef:5e:a9:ec:1e:a0:55:5b:c1:77:d3:48:ab:bd

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 40KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vm_sec
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

4f:e4:2a:50:6f:43:8b:11:62:77:58:de:3e:70:dd:f3Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

4f:e4:2a:50:6f:43:8b:11:62:77:58:de:3e:70:dd:f3Certificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

c1:27:bc:eb:7c:15:20:e6:61:b7:4d:f9:d4:e9:5c:c7:d8:ee:08:c5:b5:42:d7:6d:66:72:cf:ae:6b:4a:99:c6Signer

9d:36:60:0f:75:26:ef:5e:a9:ec:1e:a0:55:5b:c1:77:d3:48:ab:bdSigner

Headers

DLL Characteristics

File Characteristics

Sections

Size: 40KB - Virtual size: 96KB

Size: 1024B - Virtual size: 1KB

Size: 1024B - Virtual size: 12B

.vm_sec Size: 16KB - Virtual size: 16KB

.idata Size: 1024B - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 1KB

.themida Size: - Virtual size: 6.4MB

.boot Size: 3.8MB - Virtual size: 3.8MB

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

4f:e4:2a:50:6f:43:8b:11:62:77:58:de:3e:70:dd:f3
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

4f:e4:2a:50:6f:43:8b:11:62:77:58:de:3e:70:dd:f3
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

c1:27:bc:eb:7c:15:20:e6:61:b7:4d:f9:d4:e9:5c:c7:d8:ee:08:c5:b5:42:d7:6d:66:72:cf:ae:6b:4a:99:c6
Signer

9d:36:60:0f:75:26:ef:5e:a9:ec:1e:a0:55:5b:c1:77:d3:48:ab:bd
Signer

.vm_sec
Size: 16KB - Virtual size: 16KB

.idata
Size: 1024B - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 1KB

.themida
Size: - Virtual size: 6.4MB

.boot
Size: 3.8MB - Virtual size: 3.8MB