c391722237b752a1b19c782db8b2dd89

Sharing

Copy URL Twitter E-mail

General

Target

c391722237b752a1b19c782db8b2dd89
Size

3.8MB
MD5

c391722237b752a1b19c782db8b2dd89
SHA1

414eec13fb5e49f8683b1b1497c9409ec737d080
SHA256

a3ec2037301aaad08af46e902b0325c8ecf87e85e40f2c89c628b0b4bea4c8c9
SHA512

6989c0f68b520f392a8b1246c5a22dfc62f2f3bf3a04ec9f66033aba7b480ee621c4c82d5b739e118ecd248e3b3e0004ba448fe50a735dcb8bf4f3eee58c5ad5
SSDEEP

49152:UpzP+6FNA0di2gG0bHtl2AYsPzmaAjgpd7nvGAv8AoK3nr2amrDP:D082gPbNUAjzmadd7OAUXUkrD

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

c391722237b752a1b19c782db8b2dd89
.exe windows:4 windows x86 arch:x86

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/01/2021, 06:35

Not After

29/01/2022, 06:35

Subject

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08/03/2016, 13:10

Not After

30/05/2027, 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/01/2021, 06:35

Not After

29/01/2022, 06:35

Subject

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08/03/2016, 13:10

Not After

30/05/2027, 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e3:a4:c3:da:f1:41:f5:5a:f0:11:b1:8e:0d:92:99:fb:c7:10:3c:81:b6:80:1a:1f:3c:fd:fb:d5:c2:22:41:04
Signer

Actual PE Digest

e3:a4:c3:da:f1:41:f5:5a:f0:11:b1:8e:0d:92:99:fb:c7:10:3c:81:b6:80:1a:1f:3c:fd:fb:d5:c2:22:41:04

Digest Algorithm

sha256

PE Digest Matches

false

f8:9b:7e:ba:1c:b3:40:31:9d:ce:e2:ef:6a:fa:7b:20:60:2d:87:1a
Signer

Actual PE Digest

f8:9b:7e:ba:1c:b3:40:31:9d:ce:e2:ef:6a:fa:7b:20:60:2d:87:1a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 44KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vm_sec
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9Certificate

Extended Key Usages

Key Usages

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70Certificate

Extended Key Usages

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9Certificate

Extended Key Usages

Key Usages

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70Certificate

Extended Key Usages

Key Usages

e3:a4:c3:da:f1:41:f5:5a:f0:11:b1:8e:0d:92:99:fb:c7:10:3c:81:b6:80:1a:1f:3c:fd:fb:d5:c2:22:41:04Signer

f8:9b:7e:ba:1c:b3:40:31:9d:ce:e2:ef:6a:fa:7b:20:60:2d:87:1aSigner

Headers

DLL Characteristics

File Characteristics

Sections

Size: 44KB - Virtual size: 104KB

Size: 1024B - Virtual size: 1KB

Size: 1024B - Virtual size: 12B

.vm_sec Size: 16KB - Virtual size: 16KB

.idata Size: 1024B - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 1KB

.themida Size: - Virtual size: 6.2MB

.boot Size: 3.7MB - Virtual size: 3.7MB

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9
Certificate

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9
Certificate

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

e3:a4:c3:da:f1:41:f5:5a:f0:11:b1:8e:0d:92:99:fb:c7:10:3c:81:b6:80:1a:1f:3c:fd:fb:d5:c2:22:41:04
Signer

f8:9b:7e:ba:1c:b3:40:31:9d:ce:e2:ef:6a:fa:7b:20:60:2d:87:1a
Signer

.vm_sec
Size: 16KB - Virtual size: 16KB

.idata
Size: 1024B - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 1KB

.themida
Size: - Virtual size: 6.2MB

.boot
Size: 3.7MB - Virtual size: 3.7MB