ad6fce0e693d2daad19bbf27a7c69d8d

Sharing

Copy URL Twitter E-mail

General

Target

ad6fce0e693d2daad19bbf27a7c69d8d
Size

3.1MB
MD5

ad6fce0e693d2daad19bbf27a7c69d8d
SHA1

23875e995058594bca86bb1bf6fa10dda2ee3867
SHA256

1194e78d0f5e2d04efc1edd280cbe7548197eecbb2522a7e54a3199931df1adf
SHA512

c9a7e5a9b4f0f49aa0bee2cbe5f2f539c2b1d7d4f8a99e29cb4795c59430adae44a6621e0690477d0bfd4319e912e0b1d64077105d9f48184f18b389ab93a747
SSDEEP

98304:bjIvrdQLuT/Ce8LT+mvqHhYkjU1wA/Q8CZC:nI9NyTSOJ1R48d

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

ad6fce0e693d2daad19bbf27a7c69d8d
.exe windows:4 windows x64 arch:x64

Code Sign

66:39:0f:c1:77:86:d4:a3:42:f0:ee:89:99:6d:65:22
Certificate

Issuer

CN=Logitech Z-906

Not Before

03/07/2021, 10:07

Not After

04/07/2031, 10:07

Subject

CN=Logitech Z-906

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ec:cc:e6:8a:a3:b3:11:32:d7:6e:b5:f6:84:70:82:28:7f:59:b7:16:f6:95:4b:d2:ef:d4:95:2c:51:d3:7c:26
Signer

Actual PE Digest

ec:cc:e6:8a:a3:b3:11:32:d7:6e:b5:f6:84:70:82:28:7f:59:b7:16:f6:95:4b:d2:ef:d4:95:2c:51:d3:7c:26

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 307KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 756KB - Virtual size: 845KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

🈷️
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

66:39:0f:c1:77:86:d4:a3:42:f0:ee:89:99:6d:65:22Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

ec:cc:e6:8a:a3:b3:11:32:d7:6e:b5:f6:84:70:82:28:7f:59:b7:16:f6:95:4b:d2:ef:d4:95:2c:51:d3:7c:26Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 307KB - Virtual size: 1.0MB

Size: 756KB - Virtual size: 845KB

.idata Size: 512B - Virtual size: 8KB

🈷️ Size: 100KB - Virtual size: 100KB

.themida Size: - Virtual size: 4.7MB

.boot Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 100KB - Virtual size: 100KB

66:39:0f:c1:77:86:d4:a3:42:f0:ee:89:99:6d:65:22
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

ec:cc:e6:8a:a3:b3:11:32:d7:6e:b5:f6:84:70:82:28:7f:59:b7:16:f6:95:4b:d2:ef:d4:95:2c:51:d3:7c:26
Signer

.idata
Size: 512B - Virtual size: 8KB

🈷️
Size: 100KB - Virtual size: 100KB

.themida
Size: - Virtual size: 4.7MB

.boot
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 100KB - Virtual size: 100KB