b95295d8a6fa1071340cab5054860161

Sharing

Copy URL

Twitter E-mail

General

Target

b95295d8a6fa1071340cab5054860161
Size

4.7MB
MD5

b95295d8a6fa1071340cab5054860161
SHA1

377714f8ed84e6ed7f6e66f788a3e0498588c8b1
SHA256

eb418cf6610dcf5ef62b1349051591d995e51c601f91ddf9fde08013656d6eb5
SHA512

9075a363ca0d4325c21f16d92a242d19e143c472bcb333a6e51835e4f59ce41ed02fa4389ce366e0420e4ced2ee27dfb5652105db16c809636ef437ad74313d1
SSDEEP

98304:yvyu7TRge+oa0uaDpFRBkLDBo/MuBGnY8IEr3kXx1:ylRge+4uaLYIXMH0Xx1

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

b95295d8a6fa1071340cab5054860161
.exe windows:4 windows x64 arch:x64

Code Sign

7f:2e:ac:50:c0:6d:29:9a:49:ca:f5:d3:49:1c:67:6a
Certificate

Issuer

CN=Acer Nitro 5 AN515-45 [AN515-45-R44U] (NH.QBRER.007)

Not Before

17/06/2021, 17:20

Not After

18/06/2031, 17:20

Subject

CN=Acer Nitro 5 AN515-45 [AN515-45-R44U] (NH.QBRER.007)

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f8:20:80:74:5b:1b:fc:7f:a5:eb:d2:3b:25:f3:50:2a:c1:71:38:08:a0:e0:1d:ee:6a:76:cd:86:3c:f9:bd:68
Signer

Actual PE Digest

f8:20:80:74:5b:1b:fc:7f:a5:eb:d2:3b:25:f3:50:2a:c1:71:38:08:a0:e0:1d:ee:6a:76:cd:86:3c:f9:bd:68

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: 1.8MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 10KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 275KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 61KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 38KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 28KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

7f:2e:ac:50:c0:6d:29:9a:49:ca:f5:d3:49:1c:67:6aCertificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

f8:20:80:74:5b:1b:fc:7f:a5:eb:d2:3b:25:f3:50:2a:c1:71:38:08:a0:e0:1d:ee:6a:76:cd:86:3c:f9:bd:68Signer

Headers

File Characteristics

Sections

Size: 1.8MB - Virtual size: 5.3MB

Size: 10KB - Virtual size: 64KB

Size: 275KB - Virtual size: 1.1MB

Size: 61KB - Virtual size: 180KB

Size: 38KB - Virtual size: 224KB

Size: - Virtual size: 3.1MB

Size: 1024B - Virtual size: 17KB

Size: 512B - Virtual size: 112B

Size: 512B - Virtual size: 16B

Size: 28KB - Virtual size: 70KB

.idata Size: 1024B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 13KB - Virtual size: 13KB

.themida Size: - Virtual size: 5.7MB

.boot Size: 2.4MB - Virtual size: 2.4MB

7f:2e:ac:50:c0:6d:29:9a:49:ca:f5:d3:49:1c:67:6a
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

f8:20:80:74:5b:1b:fc:7f:a5:eb:d2:3b:25:f3:50:2a:c1:71:38:08:a0:e0:1d:ee:6a:76:cd:86:3c:f9:bd:68
Signer

.idata
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 13KB - Virtual size: 13KB

.themida
Size: - Virtual size: 5.7MB

.boot
Size: 2.4MB - Virtual size: 2.4MB