cae17ff584c4f3a9508fe0d9ea93be5b

Sharing

Copy URL Twitter E-mail

General

Target

cae17ff584c4f3a9508fe0d9ea93be5b
Size

3.5MB
MD5

cae17ff584c4f3a9508fe0d9ea93be5b
SHA1

3c0143af948f5ca25838ce121b53d7b22f1ea031
SHA256

d3af237ddc814872c79660c9f64b851079f0bc07e7d9acd38282c11dd5e05167
SHA512

c29fb4f919f0bd28747ca3f8fff951ac01d476312a7659d74517d10c14d71a281203605ebbf20825e98c51754e4dec727e5197b3009a8a2360db36a07702da5f
SSDEEP

49152:Z57E2uVjM4/24cPTAnc3OTcqwurafVFbL6ZQMDmngwQ+Yf8WhI2OQ7SjmC0Oh+1e:Z57oVt/2tTHOTDroFpMCgwif7hpZpV1

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

cae17ff584c4f3a9508fe0d9ea93be5b
.exe windows:4 windows x86 arch:x86

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/01/2021, 06:35

Not After

29/01/2022, 06:35

Subject

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08/03/2016, 13:10

Not After

30/05/2027, 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/01/2021, 06:35

Not After

29/01/2022, 06:35

Subject

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08/03/2016, 13:10

Not After

30/05/2027, 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e2:00:32:5d:06:2b:20:0c:e5:46:fd:fe:4f:5b:1d:96:7c:90:4f:2e:35:a9:ec:be:71:7e:4b:ef:6a:b9:37:ac
Signer

Actual PE Digest

e2:00:32:5d:06:2b:20:0c:e5:46:fd:fe:4f:5b:1d:96:7c:90:4f:2e:35:a9:ec:be:71:7e:4b:ef:6a:b9:37:ac

Digest Algorithm

sha256

PE Digest Matches

false

47:b9:01:d8:5e:0f:68:4b:59:b8:9c:5a:ef:2c:5b:36:a6:5a:8b:fd
Signer

Actual PE Digest

47:b9:01:d8:5e:0f:68:4b:59:b8:9c:5a:ef:2c:5b:36:a6:5a:8b:fd

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 42KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vm_sec
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9Certificate

Extended Key Usages

Key Usages

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70Certificate

Extended Key Usages

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9Certificate

Extended Key Usages

Key Usages

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70Certificate

Extended Key Usages

Key Usages

e2:00:32:5d:06:2b:20:0c:e5:46:fd:fe:4f:5b:1d:96:7c:90:4f:2e:35:a9:ec:be:71:7e:4b:ef:6a:b9:37:acSigner

47:b9:01:d8:5e:0f:68:4b:59:b8:9c:5a:ef:2c:5b:36:a6:5a:8b:fdSigner

Headers

DLL Characteristics

File Characteristics

Sections

Size: 42KB - Virtual size: 96KB

Size: 6KB - Virtual size: 67KB

Size: 1024B - Virtual size: 12B

.vm_sec Size: 32KB - Virtual size: 32KB

.idata Size: 1024B - Virtual size: 8KB

.rsrc Size: 68KB - Virtual size: 67KB

.themida Size: - Virtual size: 5.7MB

.boot Size: 3.3MB - Virtual size: 3.3MB

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9
Certificate

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9
Certificate

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

e2:00:32:5d:06:2b:20:0c:e5:46:fd:fe:4f:5b:1d:96:7c:90:4f:2e:35:a9:ec:be:71:7e:4b:ef:6a:b9:37:ac
Signer

47:b9:01:d8:5e:0f:68:4b:59:b8:9c:5a:ef:2c:5b:36:a6:5a:8b:fd
Signer

.vm_sec
Size: 32KB - Virtual size: 32KB

.idata
Size: 1024B - Virtual size: 8KB

.rsrc
Size: 68KB - Virtual size: 67KB

.themida
Size: - Virtual size: 5.7MB

.boot
Size: 3.3MB - Virtual size: 3.3MB