169e42fbca802843c30521711940967a0a9a26fe0d64c21450ea04adebeb8668

Sharing

Copy URL Twitter E-mail

General

Target

169e42fbca802843c30521711940967a0a9a26fe0d64c21450ea04adebeb8668
Size

2.8MB
MD5

ee46f374015c1eb2b81e89a6bf8ec3e6
SHA1

0159ab14672004e703214468dc95312a8bcef071
SHA256

169e42fbca802843c30521711940967a0a9a26fe0d64c21450ea04adebeb8668
SHA512

3ccf2500e07b804c8998ae86104593d558d7613e586a97ed950b0ce52f40516e908e754dfe59fab397ea3c2b732cac0576ff4add6d51b8c0bdbf30932227382e
SSDEEP

49152:5103N3yosjDHseODix1JKgwiN2tWuRgOiEOp6FfbUMhQyrryN5udFWE2pd/peP1:vqszseOh02tnHOif4M6im2dQRPeP1

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

169e42fbca802843c30521711940967a0a9a26fe0d64c21450ea04adebeb8668
.exe windows:4 windows x86 arch:x86

Code Sign

4e:04:2c:42:f9:de:68:8e:4a:6f:c2:f8:41:40:d4:f9
Certificate

Issuer

CN=Logitech H153 Wired Headset Black 2.0 overhead 20 Hz - 20000 Hz 22Ω corded cable - 1.8 m

Not Before

23/11/2023, 09:28

Not After

24/11/2033, 09:28

Subject

CN=Logitech H153 Wired Headset Black 2.0 overhead 20 Hz - 20000 Hz 22Ω corded cable - 1.8 m

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9a:ad:e1:ef:3d:2c:41:c8:11:63:07:38:ad:69:02:8b:fe:20:7b:d4:b3:6c:e4:82:18:a1:8b:ef:36:06:97:9d
Signer

Actual PE Digest

9a:ad:e1:ef:3d:2c:41:c8:11:63:07:38:ad:69:02:8b:fe:20:7b:d4:b3:6c:e4:82:18:a1:8b:ef:36:06:97:9d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 83KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 56KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

4e:04:2c:42:f9:de:68:8e:4a:6f:c2:f8:41:40:d4:f9Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

9a:ad:e1:ef:3d:2c:41:c8:11:63:07:38:ad:69:02:8b:fe:20:7b:d4:b3:6c:e4:82:18:a1:8b:ef:36:06:97:9dSigner

Headers

DLL Characteristics

File Characteristics

Sections

Size: 83KB - Virtual size: 176KB

Size: 56KB - Virtual size: 262KB

Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

.rsrc Size: 7KB - Virtual size: 8KB

.themida Size: - Virtual size: 5.3MB

.boot Size: 2.7MB - Virtual size: 2.7MB

4e:04:2c:42:f9:de:68:8e:4a:6f:c2:f8:41:40:d4:f9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

9a:ad:e1:ef:3d:2c:41:c8:11:63:07:38:ad:69:02:8b:fe:20:7b:d4:b3:6c:e4:82:18:a1:8b:ef:36:06:97:9d
Signer

.idata
Size: 512B - Virtual size: 8KB

.rsrc
Size: 7KB - Virtual size: 8KB

.themida
Size: - Virtual size: 5.3MB

.boot
Size: 2.7MB - Virtual size: 2.7MB