d709b851b77aa0be36e457273efcefdb710c7d62e95191c930411d1c2dec5edb

Sharing

Copy URL Twitter E-mail

General

Target

d709b851b77aa0be36e457273efcefdb710c7d62e95191c930411d1c2dec5edb
Size

5.8MB
MD5

e13e77e4db785816f7a4e6ab6a0242d6
SHA1

3384dd77791dd538b7c74a9b7a1eb08b255ec303
SHA256

d709b851b77aa0be36e457273efcefdb710c7d62e95191c930411d1c2dec5edb
SHA512

4087532917db0573a931f5ddb783241ab7af42216a4a7528b37ad3b2bc7d2dd9cfc1459acba7629b0349d74f8475bb8423d2b18046038df78b24515d05c5d058
SSDEEP

49152:YE6agZ/hAG/EzkPgRbnYspAe1SDz8hP1rtNRBazRIfyW+8dZ6sNsHu1fvpoDc+VK:YF5P/EgoR9LPqPodks2LcRv/fEuSr8

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

d709b851b77aa0be36e457273efcefdb710c7d62e95191c930411d1c2dec5edb
.exe windows:6 windows x64 arch:x64

Code Sign

4c:d6:a7:55:02:e4:22:45:85:ab:85:3e:03:14:f2:3e
Certificate

Issuer

CN=NOKIA,OU=NOKIA,O=Creted by NOKIA,L=†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡,ST=Continental,C=Continental

Not Before

27/04/2024, 09:12

Not After

16/07/2027, 00:00

Subject

CN=NOKIA,OU=NOKIA,O=Creted by NOKIA,L=†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡†ÝB†ÝA†ÝA†ÝB†ÝB‡ÝA‡ÞB†ÝB†ÝB†ÝB‡ÝA‡,ST=Continental,C=Continental

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:da:99:f5:b7:f8:0f:e3:6b:04:23:8a:ba:97:ac:9c:6a:98:a7:04:0b:86:a1:a4:76:2c:c1:29:9a:64:1a:d3
Signer

Actual PE Digest

57:da:99:f5:b7:f8:0f:e3:6b:04:23:8a:ba:97:ac:9c:6a:98:a7:04:0b:86:a1:a4:76:2c:c1:29:9a:64:1a:d3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: 655KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

4c:d6:a7:55:02:e4:22:45:85:ab:85:3e:03:14:f2:3eCertificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

57:da:99:f5:b7:f8:0f:e3:6b:04:23:8a:ba:97:ac:9c:6a:98:a7:04:0b:86:a1:a4:76:2c:c1:29:9a:64:1a:d3Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 655KB - Virtual size: 2.4MB

Size: 2KB - Virtual size: 3KB

.rsrc Size: 234KB - Virtual size: 233KB

.idata Size: 512B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.themida Size: 4.9MB - Virtual size: 4.9MB

4c:d6:a7:55:02:e4:22:45:85:ab:85:3e:03:14:f2:3e
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

57:da:99:f5:b7:f8:0f:e3:6b:04:23:8a:ba:97:ac:9c:6a:98:a7:04:0b:86:a1:a4:76:2c:c1:29:9a:64:1a:d3
Signer

.rsrc
Size: 234KB - Virtual size: 233KB

.idata
Size: 512B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.themida
Size: 4.9MB - Virtual size: 4.9MB