4cb040696b9ffb14794955b0e56eed04fde0cae3a5ee748dd513ad42c411c823

Sharing

Copy URL Twitter E-mail

General

Target

4cb040696b9ffb14794955b0e56eed04fde0cae3a5ee748dd513ad42c411c823
Size

3.9MB
MD5

ffee05ea98b1d51026a44fad0841a8a9
SHA1

50a703329c7b9812c17a02b554cf406040079fec
SHA256

4cb040696b9ffb14794955b0e56eed04fde0cae3a5ee748dd513ad42c411c823
SHA512

626ddc18a906b74a231daa5bcc092a90708e0e3d42e4db645d59d19de7ef38a2d91a843f11dbc7873d379bfa14e87c5fc6d09a657e0b44abd24b9991cb971f86
SSDEEP

98304:1g7avVbl5rwUSuYarwbM7JBPM5Cas7ILL0k1tc:uGvn5euxr8E0tscLLDU

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

4cb040696b9ffb14794955b0e56eed04fde0cae3a5ee748dd513ad42c411c823
.exe windows:6 windows x64 arch:x64

023aae353653db016d3a89da454d1d86

Code Sign

3a:02:06:9d:08:4a:9b:ae:45:54:63:5c:0d:b9:5a:8d
Certificate

Issuer

CN=œáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åz

Not Before

13/04/2024, 09:26

Not After

14/04/2034, 09:26

Subject

CN=œáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åzœáz±åz±åz±æz±åz±åz±åz

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:28:e5:f0:2b:50:0e:8a:fc:71:8c:0b:fd:44:06:b1:2f:94:08:4c:d3:79:bf:51:d8:ca:0f:01:e6:1f:43:9d
Signer

Actual PE Digest

5a:28:e5:f0:2b:50:0e:8a:fc:71:8c:0b:fd:44:06:b1:2f:94:08:4c:d3:79:bf:51:d8:ca:0f:01:e6:1f:43:9d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleA
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

GetCursorPos

advapi32

RegCloseKey

shell32

SHGetFolderPathA

ole32

CoCreateInstance

oleaut32

VariantClear

Sections

.text
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp(¿R
Size: - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp(¿R
Size: - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp(¿R
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp(¿R
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_READ

.rsrc
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

023aae353653db016d3a89da454d1d86

Code Sign

3a:02:06:9d:08:4a:9b:ae:45:54:63:5c:0d:b9:5a:8dCertificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

5a:28:e5:f0:2b:50:0e:8a:fc:71:8c:0b:fd:44:06:b1:2f:94:08:4c:d3:79:bf:51:d8:ca:0f:01:e6:1f:43:9dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: - Virtual size: 1.6MB

.rdata Size: - Virtual size: 284KB

.data Size: - Virtual size: 44KB

.pdata Size: - Virtual size: 60KB

_RDATA Size: - Virtual size: 500B

.vmp(¿R Size: - Virtual size: 283KB

.reloc Size: - Virtual size: 8KB

.idata Size: - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.themida Size: - Virtual size: 4.5MB

.vmp(¿R Size: - Virtual size: 390KB

.vmp(¿R Size: 1024B - Virtual size: 976B

.vmp(¿R Size: 3.6MB - Virtual size: 3.6MB

.reloc Size: 5KB - Virtual size: 5KB

.rsrc Size: 284KB - Virtual size: 283KB

3a:02:06:9d:08:4a:9b:ae:45:54:63:5c:0d:b9:5a:8d
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

5a:28:e5:f0:2b:50:0e:8a:fc:71:8c:0b:fd:44:06:b1:2f:94:08:4c:d3:79:bf:51:d8:ca:0f:01:e6:1f:43:9d
Signer

.text
Size: - Virtual size: 1.6MB

.rdata
Size: - Virtual size: 284KB

.data
Size: - Virtual size: 44KB

.pdata
Size: - Virtual size: 60KB

_RDATA
Size: - Virtual size: 500B

.vmp(¿R
Size: - Virtual size: 283KB

.reloc
Size: - Virtual size: 8KB

.idata
Size: - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 4.5MB

.vmp(¿R
Size: - Virtual size: 390KB

.vmp(¿R
Size: 1024B - Virtual size: 976B

.vmp(¿R
Size: 3.6MB - Virtual size: 3.6MB

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 284KB - Virtual size: 283KB