182c6742024c518ae1e78aea3329c6f3eba8d2365da0b3708c503ec4a2df8275

Sharing

Copy URL

Twitter E-mail

General

Target

182c6742024c518ae1e78aea3329c6f3eba8d2365da0b3708c503ec4a2df8275
Size

4.5MB
MD5

520a7d8e4a35bf5d6a565d59f73a2ef4
SHA1

a1d75569988947b7f1749b9423232ea08b2b1a5a
SHA256

182c6742024c518ae1e78aea3329c6f3eba8d2365da0b3708c503ec4a2df8275
SHA512

e4adfee0e2f2cf80c602dbee3796858c6b0b6a93c94be5b506f710dbf58fad57aef162e91bd666815c79d8034e8f37128a26123d9a3759764562b93e0b3f4139
SSDEEP

49152:nwzLYUF2pdsnxy5riXlqReseT28irs2yzkUhe3+mFRFCv0V/WZvx0JUy:yLYUudsnpQYI+M0v0V+Zx0Jd

Score

10^/10

themida

Malware Config

Signatures

Detects executables packed with Themida 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_Themida

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

182c6742024c518ae1e78aea3329c6f3eba8d2365da0b3708c503ec4a2df8275
.exe windows:6 windows x86 arch:x86

Code Sign

26:7f:82:41:7f:05:14:aa:40:12:5f:7d:af:35:ef:a9
Certificate

Issuer

CN=Panasonic SC-TMAX20 Combo version

Not Before

11/08/2022, 11:40

Not After

12/08/2032, 11:40

Subject

CN=Panasonic SC-TMAX20 Combo version

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6c:78:44:2c:e7:0e:6b:e3:ac:22:92:68:d1:b4:f1:18:bc:37:85:5e:7a:3c:ed:08:d9:a8:5d:c6:5c:b8:66:57
Signer

Actual PE Digest

6c:78:44:2c:e7:0e:6b:e3:ac:22:92:68:d1:b4:f1:18:bc:37:85:5e:7a:3c:ed:08:d9:a8:5d:c6:5c:b8:66:57

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 53KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 7KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 485KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

26:7f:82:41:7f:05:14:aa:40:12:5f:7d:af:35:ef:a9Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

6c:78:44:2c:e7:0e:6b:e3:ac:22:92:68:d1:b4:f1:18:bc:37:85:5e:7a:3c:ed:08:d9:a8:5d:c6:5c:b8:66:57Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 53KB - Virtual size: 112KB

Size: 7KB - Virtual size: 26KB

Size: 512B - Virtual size: 5KB

Size: 485KB - Virtual size: 1.0MB

Size: 4KB - Virtual size: 5KB

.idata Size: 512B - Virtual size: 4KB

.rsrc Size: 38KB - Virtual size: 38KB

.themida Size: 3.9MB - Virtual size: 3.9MB

26:7f:82:41:7f:05:14:aa:40:12:5f:7d:af:35:ef:a9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

6c:78:44:2c:e7:0e:6b:e3:ac:22:92:68:d1:b4:f1:18:bc:37:85:5e:7a:3c:ed:08:d9:a8:5d:c6:5c:b8:66:57
Signer

.idata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 38KB - Virtual size: 38KB

.themida
Size: 3.9MB - Virtual size: 3.9MB