17193e86f62e20aa597407bec30d4fd3

Sharing

Copy URL

Twitter E-mail

General

Target

17193e86f62e20aa597407bec30d4fd3
Size

4.1MB
MD5

17193e86f62e20aa597407bec30d4fd3
SHA1

75f85441c0b74c886b4b62381ec79b76b504fb54
SHA256

2a3551360d6eb7de27ba62c6a90f42440ab6d3d451149505c84842fced280429
SHA512

de15743cf8ef62438121641ed0b746b93eba339705b60473e253d4b3ff21835175c2d9226eca1e135b8e2dc27a3a87930e18221dd22d26c5b4c214cc9d47e4e6
SSDEEP

49152:Y1DWi0yNmET0fqOrCsPbqRGFOKrCgDBHVVCP2JfwDJfv0N2q6nlI0MTUdvAjPX3e:Y1DVTK8oFd9H/1Qib6nl4IaN1+Hlx

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

17193e86f62e20aa597407bec30d4fd3
.exe windows:4 windows x86 arch:x86

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-10-2015 11:30

Not After

09-06-2027 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-01-2021 06:35

Not After

29-01-2022 06:35

Subject

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08-03-2016 13:10

Not After

30-05-2027 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-10-2015 11:30

Not After

09-06-2027 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-01-2021 06:35

Not After

29-01-2022 06:35

Subject

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08-03-2016 13:10

Not After

30-05-2027 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4f:bd:51:89:f5:70:eb:54:35:04:bc:b4:ea:ef:05:f3:9f:8a:7f:85:12:bf:7b:1e:d5:1b:bb:6f:97:69:d2:f9
Signer

Actual PE Digest

4f:bd:51:89:f5:70:eb:54:35:04:bc:b4:ea:ef:05:f3:9f:8a:7f:85:12:bf:7b:1e:d5:1b:bb:6f:97:69:d2:f9

Digest Algorithm

sha256

PE Digest Matches

false

f0:84:19:dc:3e:b7:40:3b:ac:27:24:5c:fa:12:f6:ed:c0:a5:d3:a8
Signer

Actual PE Digest

f0:84:19:dc:3e:b7:40:3b:ac:27:24:5c:fa:12:f6:ed:c0:a5:d3:a8

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 46KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vm_sec
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9Certificate

Extended Key Usages

Key Usages

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70Certificate

Extended Key Usages

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9Certificate

Extended Key Usages

Key Usages

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70Certificate

Extended Key Usages

Key Usages

4f:bd:51:89:f5:70:eb:54:35:04:bc:b4:ea:ef:05:f3:9f:8a:7f:85:12:bf:7b:1e:d5:1b:bb:6f:97:69:d2:f9Signer

f0:84:19:dc:3e:b7:40:3b:ac:27:24:5c:fa:12:f6:ed:c0:a5:d3:a8Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 46KB - Virtual size: 112KB

Size: 1024B - Virtual size: 1KB

Size: 1024B - Virtual size: 12B

.vm_sec Size: 16KB - Virtual size: 16KB

.idata Size: 1024B - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 1KB

.themida Size: - Virtual size: 5.7MB

.boot Size: 4.0MB - Virtual size: 4.0MB

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9
Certificate

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9
Certificate

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

4f:bd:51:89:f5:70:eb:54:35:04:bc:b4:ea:ef:05:f3:9f:8a:7f:85:12:bf:7b:1e:d5:1b:bb:6f:97:69:d2:f9
Signer

f0:84:19:dc:3e:b7:40:3b:ac:27:24:5c:fa:12:f6:ed:c0:a5:d3:a8
Signer

.vm_sec
Size: 16KB - Virtual size: 16KB

.idata
Size: 1024B - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 1KB

.themida
Size: - Virtual size: 5.7MB

.boot
Size: 4.0MB - Virtual size: 4.0MB