e046c5e3f0ead64c214eaa411189b0001bdc5431f3a942d0e6fff1ba87fadb9f[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

e046c5e3f0ead64c214eaa411189b0001bdc5431f3a942d0e6fff1ba87fadb9f.exe
Size

4.3MB
MD5

ae2b1b79c7579bb64b1640303f88c05f
SHA1

aca79755589eaaaffb9d8beb477b0d3df50982c4
SHA256

e046c5e3f0ead64c214eaa411189b0001bdc5431f3a942d0e6fff1ba87fadb9f
SHA512

b5bad1bb105f85edb7389d1e2914e54468e7871aa46baf8395f985cbe2e8d9cda1da24dc2245c4bcf6de28ca8fc176b35be6af4a489c8f2cef4c4cb1b595aa27
SSDEEP

98304:oHj/GBkxFCBLVvr/jsfLy+y/rk3zw/EZk9oaE9AyiR2BWoA:w/ciFQVvXsOqdZydH20oA

Score

10^/10

themida

Malware Config

Signatures

Detects executables packed with Themida 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_Themida

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

e046c5e3f0ead64c214eaa411189b0001bdc5431f3a942d0e6fff1ba87fadb9f.exe
.exe windows:4 windows x86 arch:x86

Code Sign

48:87:a6:9a:a4:6c:87:4e:b4:7d:12:ad:b0:79:c5:95
Certificate

Issuer

CN=MSI PRO B760-P WIFI DDR4,OU=\ Intel Gen Core Pentium,O=\ Intel,L=²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†,ST=\ Realtek ALC897,C=6E Bluetooth

Not Before

21/01/2024, 13:40

Not After

26/06/2025, 00:00

Subject

CN=MSI PRO B760-P WIFI DDR4,OU=\ Intel Gen Core Pentium,O=\ Intel,L=²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†,ST=\ Realtek ALC897,C=6E Bluetooth

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bb:ba:56:cd:5a:b8:98:7d:d0:41:8a:48:40:b1:1d:4a:5b:76:8b:25:a6:9e:81:6f:36:1e:32:56:e3:01:44:53
Signer

Actual PE Digest

bb:ba:56:cd:5a:b8:98:7d:d0:41:8a:48:40:b1:1d:4a:5b:76:8b:25:a6:9e:81:6f:36:1e:32:56:e3:01:44:53

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 1.8MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 12KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

48:87:a6:9a:a4:6c:87:4e:b4:7d:12:ad:b0:79:c5:95Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

bb:ba:56:cd:5a:b8:98:7d:d0:41:8a:48:40:b1:1d:4a:5b:76:8b:25:a6:9e:81:6f:36:1e:32:56:e3:01:44:53Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 1.8MB - Virtual size: 1.9MB

Size: 12KB - Virtual size: 33KB

Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

.rsrc Size: 33KB - Virtual size: 33KB

.themida Size: - Virtual size: 4.3MB

.boot Size: 2.4MB - Virtual size: 2.4MB

48:87:a6:9a:a4:6c:87:4e:b4:7d:12:ad:b0:79:c5:95
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

bb:ba:56:cd:5a:b8:98:7d:d0:41:8a:48:40:b1:1d:4a:5b:76:8b:25:a6:9e:81:6f:36:1e:32:56:e3:01:44:53
Signer

.idata
Size: 512B - Virtual size: 8KB

.rsrc
Size: 33KB - Virtual size: 33KB

.themida
Size: - Virtual size: 4.3MB

.boot
Size: 2.4MB - Virtual size: 2.4MB