2cdea1be98b79c40f2ea6c1a5c35091b

Sharing

Copy URL

Twitter E-mail

General

Target

2cdea1be98b79c40f2ea6c1a5c35091b
Size

2.2MB
MD5

2cdea1be98b79c40f2ea6c1a5c35091b
SHA1

7b41fdc8a6c33229b861394370fc1f9075f9398a
SHA256

638b05fb1c457380128bf1871a0439d7885370a903a737be0175773695ca74b9
SHA512

3ec3463643d97f469a759f88618913b4e816c18e6cee5ddb0a98833ffe74b29896c6548d808415fe5919b03bfe01aef7f6d94e0563617998639566f05ec78c4b
SSDEEP

49152:uHBqvWkJvFCgA/woQUeTPDao42X3WSLPYt1B7C5q6SI:uAukpIgA/wEeTDaXg3nABER

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

2cdea1be98b79c40f2ea6c1a5c35091b
.exe windows:4 windows x86 arch:x86

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:92:c2:41:54:51:ab:12:07:40:4e:95:55:78:88:13
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30-08-2018 00:00

Not After

07-09-2021 12:00

Subject

CN=Exodus Movement Inc,O=Exodus Movement Inc,L=Wilmington,ST=Delaware,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c7:d1:6d:3c:df:15:62:ca:89:0a:59:0e:fb:bd:89:1b:82:90:b9:54:31:57:8f:75:02:6f:47:92:a0:cc:51:b0
Signer

Actual PE Digest

c7:d1:6d:3c:df:15:62:ca:89:0a:59:0e:fb:bd:89:1b:82:90:b9:54:31:57:8f:75:02:6f:47:92:a0:cc:51:b0

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 35KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 136KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vm_sec
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0f:92:c2:41:54:51:ab:12:07:40:4e:95:55:78:88:13Certificate

Extended Key Usages

Key Usages

c7:d1:6d:3c:df:15:62:ca:89:0a:59:0e:fb:bd:89:1b:82:90:b9:54:31:57:8f:75:02:6f:47:92:a0:cc:51:b0Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 35KB - Virtual size: 96KB

Size: 136KB - Virtual size: 275KB

Size: 1024B - Virtual size: 12B

.vm_sec Size: 16KB - Virtual size: 16KB

.idata Size: 1024B - Virtual size: 8KB

.rsrc Size: 276KB - Virtual size: 275KB

.themida Size: - Virtual size: 4.3MB

.boot Size: 1.7MB - Virtual size: 1.7MB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0f:92:c2:41:54:51:ab:12:07:40:4e:95:55:78:88:13
Certificate

c7:d1:6d:3c:df:15:62:ca:89:0a:59:0e:fb:bd:89:1b:82:90:b9:54:31:57:8f:75:02:6f:47:92:a0:cc:51:b0
Signer

.vm_sec
Size: 16KB - Virtual size: 16KB

.idata
Size: 1024B - Virtual size: 8KB

.rsrc
Size: 276KB - Virtual size: 275KB

.themida
Size: - Virtual size: 4.3MB

.boot
Size: 1.7MB - Virtual size: 1.7MB