ba8b8331cd6048f8a62ad5fd944c1780

Sharing

Copy URL Twitter E-mail

General

Target

ba8b8331cd6048f8a62ad5fd944c1780
Size

2.5MB
MD5

ba8b8331cd6048f8a62ad5fd944c1780
SHA1

f5274600cfc494e83556830240655ccc79abff44
SHA256

5eb2597b7d4dc422376cf09d7ab5b2e4bbd4738f0bf9d49587ca396fc7c254d6
SHA512

1e3d1f30ef786648bd563e4f813a2d3cd463e88d61ae569ccc8222f63dcfff03f4faf7d141f97db14b04fdfe44b792316eb4c82f37efdb1d16d58c0d9bc22a03
SSDEEP

49152:anb9RaqvRTHkRoKA7z3yKP20Zz8sZF+qMG5y1sIjDscK28Vxc79K1p25k9O0ZNWd:abTVHxlz3y42qpF+qPy1PjgQNo252OSU

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

ba8b8331cd6048f8a62ad5fd944c1780
.exe windows:4 windows x86 arch:x86

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:c0:38:e4:78:18:6b:67:2a:3a:7b:21:ba:85:dc:62
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/05/2018, 00:00

Not After

14/07/2021, 12:00

Subject

CN=Hugh Bailey,O=Hugh Bailey,L=Temecula,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:cb:c0:b4:fe:a5:20:01:32:48:c5:68:b2:94:96:8d:6d:e0:25:3b:ec:b1:f0:4d:22:0f:b5:91:5e:e6:90:6c:bb:99:56:6e:e7:81:1d:ec:1d:ac:97:fa:7d:ea:73:45:49:d9:3f:0d:25:f8:1e:e6:8b:ee:e9:d6:14:1c:c5:87
Signer

Actual PE Digest

a4:cb:c0:b4:fe:a5:20:01:32:48:c5:68:b2:94:96:8d:6d:e0:25:3b:ec:b1:f0:4d:22:0f:b5:91:5e:e6:90:6c:bb:99:56:6e:e7:81:1d:ec:1d:ac:97:fa:7d:ea:73:45:49:d9:3f:0d:25:f8:1e:e6:8b:ee:e9:d6:14:1c:c5:87

Digest Algorithm

sha512

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 34KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 136KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vm_sec
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0d:c0:38:e4:78:18:6b:67:2a:3a:7b:21:ba:85:dc:62Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

a4:cb:c0:b4:fe:a5:20:01:32:48:c5:68:b2:94:96:8d:6d:e0:25:3b:ec:b1:f0:4d:22:0f:b5:91:5e:e6:90:6c:bb:99:56:6e:e7:81:1d:ec:1d:ac:97:fa:7d:ea:73:45:49:d9:3f:0d:25:f8:1e:e6:8b:ee:e9:d6:14:1c:c5:87Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 34KB - Virtual size: 96KB

Size: 136KB - Virtual size: 275KB

Size: 1024B - Virtual size: 12B

.vm_sec Size: 16KB - Virtual size: 16KB

.idata Size: 1024B - Virtual size: 8KB

.rsrc Size: 276KB - Virtual size: 275KB

.themida Size: - Virtual size: 4.5MB

.boot Size: 2.0MB - Virtual size: 2.0MB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0d:c0:38:e4:78:18:6b:67:2a:3a:7b:21:ba:85:dc:62
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

a4:cb:c0:b4:fe:a5:20:01:32:48:c5:68:b2:94:96:8d:6d:e0:25:3b:ec:b1:f0:4d:22:0f:b5:91:5e:e6:90:6c:bb:99:56:6e:e7:81:1d:ec:1d:ac:97:fa:7d:ea:73:45:49:d9:3f:0d:25:f8:1e:e6:8b:ee:e9:d6:14:1c:c5:87
Signer

.vm_sec
Size: 16KB - Virtual size: 16KB

.idata
Size: 1024B - Virtual size: 8KB

.rsrc
Size: 276KB - Virtual size: 275KB

.themida
Size: - Virtual size: 4.5MB

.boot
Size: 2.0MB - Virtual size: 2.0MB