e1df1aabc15765a32e8642c474578eb1

Sharing

Copy URL

Twitter E-mail

General

Target

e1df1aabc15765a32e8642c474578eb1
Size

4.8MB
MD5

e1df1aabc15765a32e8642c474578eb1
SHA1

f66e219e915c80f4f4374084b7f0f8d15deadb22
SHA256

ac085734d51ca988db79b3078badc4ce24481eee7ef68db8811b1a98d2b3980c
SHA512

5665effd52d4dc16009ebcbc0f30af36942e816e108948e1e6e2797a3a90bafebe7802e2e2d40f4c85331a55c83c6c00234a90deaa2f67cb6d3796ba902810ec
SSDEEP

98304:0/JtoyeTQdvOnHnhjF/gEpLGdRbqn6LTqOdnwn:JySLEbqM2Odnwn

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

e1df1aabc15765a32e8642c474578eb1
.exe windows:4 windows x64 arch:x64

Code Sign

63:15:a8:1e:3a:05:7e:85:47:60:24:f0:e5:55:ae:6a
Certificate

Issuer

CN=Philips PowerLife GC 2998

Not Before

07/08/2021, 13:00

Not After

08/08/2031, 13:00

Subject

CN=Philips PowerLife GC 2998

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:18:43:27:d5:e1:f6:fa:37:aa:c4:7c:00:9b:0a:26:e6:03:31:83:99:b6:b4:31:18:b1:e3:3d:de:7c:86:d7
Signer

Actual PE Digest

52:18:43:27:d5:e1:f6:fa:37:aa:c4:7c:00:9b:0a:26:e6:03:31:83:99:b6:b4:31:18:b1:e3:3d:de:7c:86:d7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 331KB - Virtual size: 632KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

63:15:a8:1e:3a:05:7e:85:47:60:24:f0:e5:55:ae:6aCertificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

52:18:43:27:d5:e1:f6:fa:37:aa:c4:7c:00:9b:0a:26:e6:03:31:83:99:b6:b4:31:18:b1:e3:3d:de:7c:86:d7Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 331KB - Virtual size: 632KB

.rsrc Size: 178KB - Virtual size: 177KB

.idata Size: 512B - Virtual size: 8KB

.themida Size: 4.3MB - Virtual size: 4.3MB

63:15:a8:1e:3a:05:7e:85:47:60:24:f0:e5:55:ae:6a
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

52:18:43:27:d5:e1:f6:fa:37:aa:c4:7c:00:9b:0a:26:e6:03:31:83:99:b6:b4:31:18:b1:e3:3d:de:7c:86:d7
Signer

.rsrc
Size: 178KB - Virtual size: 177KB

.idata
Size: 512B - Virtual size: 8KB

.themida
Size: 4.3MB - Virtual size: 4.3MB