d40fab4443e90a4f2fa843583c3f89a1

Sharing

Copy URL

Twitter E-mail

General

Target

d40fab4443e90a4f2fa843583c3f89a1
Size

4.3MB
MD5

d40fab4443e90a4f2fa843583c3f89a1
SHA1

f504eaf7a3139a12a58ecaee011ae6f486ec6297
SHA256

ba2eb409f65dfd657cf72d02e0e385a4c7417598246ef7b8b8f3febce971cea9
SHA512

5d6f36dc4115cc4b43feba51e93f660d7a26cddd00f725bc9342fd3bc3fc0547e981d8348e830809e63f03688fdd655195fdcbaaabb7d2e357458321f9785377
SSDEEP

98304:XkhaGOiWEkYVcijHazK7Wv63x3ahmSxRYzFTu000eg:UhaGOPErrjH+KqI/SUzlb00e

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

d40fab4443e90a4f2fa843583c3f89a1
.exe windows:4 windows x86 arch:x86

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-10-2015 11:30

Not After

09-06-2027 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-01-2021 06:35

Not After

29-01-2022 06:35

Subject

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08-03-2016 13:10

Not After

30-05-2027 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-10-2015 11:30

Not After

09-06-2027 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-01-2021 06:35

Not After

29-01-2022 06:35

Subject

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08-03-2016 13:10

Not After

30-05-2027 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

fb:22:54:f6:ec:d8:6c:9d:58:73:33:87:ec:a9:a8:af:ac:50:c5:fb:65:58:54:e8:68:e0:57:72:07:1f:cb:ee
Signer

Actual PE Digest

fb:22:54:f6:ec:d8:6c:9d:58:73:33:87:ec:a9:a8:af:ac:50:c5:fb:65:58:54:e8:68:e0:57:72:07:1f:cb:ee

Digest Algorithm

sha256

PE Digest Matches

false

13:d9:5d:81:2d:ad:41:0c:3f:b6:7c:f7:e4:bc:15:4d:48:fe:0e:d8
Signer

Actual PE Digest

13:d9:5d:81:2d:ad:41:0c:3f:b6:7c:f7:e4:bc:15:4d:48:fe:0e:d8

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 42KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vm_sec
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9Certificate

Extended Key Usages

Key Usages

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70Certificate

Extended Key Usages

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9Certificate

Extended Key Usages

Key Usages

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70Certificate

Extended Key Usages

Key Usages

fb:22:54:f6:ec:d8:6c:9d:58:73:33:87:ec:a9:a8:af:ac:50:c5:fb:65:58:54:e8:68:e0:57:72:07:1f:cb:eeSigner

13:d9:5d:81:2d:ad:41:0c:3f:b6:7c:f7:e4:bc:15:4d:48:fe:0e:d8Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 42KB - Virtual size: 96KB

Size: 20KB - Virtual size: 19KB

Size: 1024B - Virtual size: 12B

.vm_sec Size: 16KB - Virtual size: 16KB

.idata Size: 1024B - Virtual size: 8KB

.rsrc Size: 20KB - Virtual size: 19KB

.themida Size: - Virtual size: 5.9MB

.boot Size: 4.2MB - Virtual size: 4.2MB

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9
Certificate

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

50:42:c5:01:f1:f0:ba:29:e3:8e:1f:71:62:19:66:c9
Certificate

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

fb:22:54:f6:ec:d8:6c:9d:58:73:33:87:ec:a9:a8:af:ac:50:c5:fb:65:58:54:e8:68:e0:57:72:07:1f:cb:ee
Signer

13:d9:5d:81:2d:ad:41:0c:3f:b6:7c:f7:e4:bc:15:4d:48:fe:0e:d8
Signer

.vm_sec
Size: 16KB - Virtual size: 16KB

.idata
Size: 1024B - Virtual size: 8KB

.rsrc
Size: 20KB - Virtual size: 19KB

.themida
Size: - Virtual size: 5.9MB

.boot
Size: 4.2MB - Virtual size: 4.2MB