acfa700a776ef8622839fd22f3bcca3e7183e3ee2e21473ca0d9ccdc895c4afd

Sharing

Copy URL Twitter E-mail

General

Target

acfa700a776ef8622839fd22f3bcca3e7183e3ee2e21473ca0d9ccdc895c4afd
Size

4.6MB
MD5

a3dea4c1f895c2729505cb4712ad469d
SHA1

fdfeebab437bf7f97fb848cd67abec9409adb3b2
SHA256

acfa700a776ef8622839fd22f3bcca3e7183e3ee2e21473ca0d9ccdc895c4afd
SHA512

9da049b6e9169e1079182ce04fd852e823d6bb31f0be3a814ee687047f3831c3cac58dd46b6a8592714afd102233d40a70a0b66e5f094d014c7059b119aa11c4
SSDEEP

98304:8YbMJ0o1ZTbhGv4XxDaoVsT2G0u6loCn3bcbz7ikKUKgavi0mtlnla:pbcZTbgoxDoT2RujC3bM1Kgimjla

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

acfa700a776ef8622839fd22f3bcca3e7183e3ee2e21473ca0d9ccdc895c4afd
.exe windows:4 windows x86 arch:x86

Code Sign

23:20:ba:76:1b:e8:0e:a7:40:6d:3c:b4:d4:c4:ab:dd
Certificate

Issuer

CN=Toshiba MQ01ABDxx 2.5 MQ01ABD050

Not Before

20/06/2022, 19:19

Not After

21/06/2032, 19:19

Subject

CN=Toshiba MQ01ABDxx 2.5 MQ01ABD050

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ea:7c:7e:78:ca:cf:dd:b4:cb:8c:d6:b7:38:cf:b3:0a:e4:af:98:5e:1f:d2:07:66:a9:98:13:8e:ed:7b:14:c2
Signer

Actual PE Digest

ea:7c:7e:78:ca:cf:dd:b4:cb:8c:d6:b7:38:cf:b3:0a:e4:af:98:5e:1f:d2:07:66:a9:98:13:8e:ed:7b:14:c2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 82KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 624KB - Virtual size: 624KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

23:20:ba:76:1b:e8:0e:a7:40:6d:3c:b4:d4:c4:ab:ddCertificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

ea:7c:7e:78:ca:cf:dd:b4:cb:8c:d6:b7:38:cf:b3:0a:e4:af:98:5e:1f:d2:07:66:a9:98:13:8e:ed:7b:14:c2Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 82KB - Virtual size: 176KB

.rsrc Size: 624KB - Virtual size: 624KB

Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

.themida Size: - Virtual size: 6.1MB

.boot Size: 3.9MB - Virtual size: 3.9MB

23:20:ba:76:1b:e8:0e:a7:40:6d:3c:b4:d4:c4:ab:dd
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

ea:7c:7e:78:ca:cf:dd:b4:cb:8c:d6:b7:38:cf:b3:0a:e4:af:98:5e:1f:d2:07:66:a9:98:13:8e:ed:7b:14:c2
Signer

.rsrc
Size: 624KB - Virtual size: 624KB

.idata
Size: 512B - Virtual size: 8KB

.themida
Size: - Virtual size: 6.1MB

.boot
Size: 3.9MB - Virtual size: 3.9MB