b07e47c7d50a5b96eacc76034c9f1b54dfb415141c397bd5bcc0906ec166dd0c

Sharing

Copy URL Twitter E-mail

General

Target

b07e47c7d50a5b96eacc76034c9f1b54dfb415141c397bd5bcc0906ec166dd0c
Size

3.7MB
MD5

cfe9e2039cd9ea6a83b1203f85c82e57
SHA1

91d40b021797b96612bc026f0f82ebb64733e400
SHA256

b07e47c7d50a5b96eacc76034c9f1b54dfb415141c397bd5bcc0906ec166dd0c
SHA512

dfaa76cca007f09230789fea55a1822036f19b8db0b9509d3b3dac453c2eb63c9bdf9e9ec9ae58d2e1d1c63ed81330c45da06792a8eea6fd5993bb70569e3c58
SSDEEP

98304:GcRSSYK8h5OOdD8n4sNY/HG51tRrbYnwds:GYB0+IDTsK/GHjbYnwC

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

b07e47c7d50a5b96eacc76034c9f1b54dfb415141c397bd5bcc0906ec166dd0c
.exe windows:4 windows x86 arch:x86

Code Sign

5d:44:fd:ba:0f:5e:bd:47:aa:22:db:ff:45:9b:e5:dd
Certificate

Issuer

CN=A4 TECH USA,OU=ENGLAND SYSTEMS INC,O=Digital combo,L=(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/\,ST=Made in France,C=FRANCE

Not Before

24/05/2024, 15:05

Not After

13/06/2026, 00:00

Subject

CN=A4 TECH USA,OU=ENGLAND SYSTEMS INC,O=Digital combo,L=(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/(*=-=*)/\,ST=Made in France,C=FRANCE

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d8:61:4f:9f:b6:5c:06:5c:d4:84:3d:65:ee:47:ed:7b:dc:01:f3:0e:8e:f1:4a:3e:fb:ca:4f:dd:cd:71:a7:70
Signer

Actual PE Digest

d8:61:4f:9f:b6:5c:06:5c:d4:84:3d:65:ee:47:ed:7b:dc:01:f3:0e:8e:f1:4a:3e:fb:ca:4f:dd:cd:71:a7:70

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 2.2MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 101KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

5d:44:fd:ba:0f:5e:bd:47:aa:22:db:ff:45:9b:e5:ddCertificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

d8:61:4f:9f:b6:5c:06:5c:d4:84:3d:65:ee:47:ed:7b:dc:01:f3:0e:8e:f1:4a:3e:fb:ca:4f:dd:cd:71:a7:70Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 2.2MB - Virtual size: 2.6MB

Size: 512B - Virtual size: 312B

Size: 101KB - Virtual size: 159KB

Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

.rsrc Size: 159KB - Virtual size: 159KB

.themida Size: - Virtual size: 3.7MB

.boot Size: 1.3MB - Virtual size: 1.3MB

5d:44:fd:ba:0f:5e:bd:47:aa:22:db:ff:45:9b:e5:dd
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

d8:61:4f:9f:b6:5c:06:5c:d4:84:3d:65:ee:47:ed:7b:dc:01:f3:0e:8e:f1:4a:3e:fb:ca:4f:dd:cd:71:a7:70
Signer

.idata
Size: 512B - Virtual size: 8KB

.rsrc
Size: 159KB - Virtual size: 159KB

.themida
Size: - Virtual size: 3.7MB

.boot
Size: 1.3MB - Virtual size: 1.3MB