368f80fd75e51f4aeaaf89ff2fb7d5f0N

Sharing

Copy URL

Twitter E-mail

General

Target

368f80fd75e51f4aeaaf89ff2fb7d5f0N
Size

6.9MB
MD5

368f80fd75e51f4aeaaf89ff2fb7d5f0
SHA1

df8cc8a60a012b2e019dfde775d8e8567ddef888
SHA256

1944688ceca74de96b3d32dc9f2003a97aa56ef3f970c6eacf926f6f688450c9
SHA512

9cac22e3a0971ec68f90b602f8bb828677bb529579b0defd788522fafd437edce726aed5e54aec78c9a3d37a8fec5bd99ce5adf2870a6ec713ab64237030f6bc
SSDEEP

196608:pxTaLHqLRq7srzQT09F3tNw1Mqde6bWCjt:7TaLKLRo08T0v3EKet

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

368f80fd75e51f4aeaaf89ff2fb7d5f0N
.exe windows:5 windows x86 arch:x86

f0eb44a15aebd9140d946c41b5f5ff26

Code Sign

72:e9:e9:03:9d:71:fa:85:4c:d0:0e:c2:c4:a0:0c:8c
Certificate

Issuer

CN=Персональный компьютер HP Pavilion Gaming TG01 TG01-1006ur

Not Before

25/05/2021, 23:22

Not After

26/05/2031, 23:22

Subject

CN=Персональный компьютер HP Pavilion Gaming TG01 TG01-1006ur

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fd:59:d4:b2:66:0d:d2:f4:20:1b:39:10:69:e3:db:0f:7e:2e:f8:75:d0:f9:f0:72:80:51:3b:7e:b3:3b:53:e2
Signer

Actual PE Digest

fd:59:d4:b2:66:0d:d2:f4:20:1b:39:10:69:e3:db:0f:7e:2e:f8:75:d0:f9:f0:72:80:51:3b:7e:b3:3b:53:e2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

wsock32

WSACleanup

version

GetFileVersionInfoW

winmm

timeGetTime

comctl32

ImageList_ReplaceIcon

mpr

WNetUseConnectionW

wininet

InternetQueryDataAvailable

psapi

GetProcessMemoryInfo

iphlpapi

IcmpCreateFile

userenv

DestroyEnvironmentBlock

uxtheme

IsThemeActive

user32

AdjustWindowRectEx
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

gdi32

StrokePath

comdlg32

GetOpenFileNameW

advapi32

GetAce

shell32

DragQueryPoint

ole32

CoTaskMemAlloc

oleaut32

LoadTypeLibEx

wtsapi32

WTSSendMessageW

Sections

Size: - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 622KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vm_sec
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

🙇±¿
Size: - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.loadcon
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

C O M R
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

VM Segme
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

VM Segme
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ

.rsrc
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0eb44a15aebd9140d946c41b5f5ff26

Code Sign

72:e9:e9:03:9d:71:fa:85:4c:d0:0e:c2:c4:a0:0c:8cCertificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

fd:59:d4:b2:66:0d:d2:f4:20:1b:39:10:69:e3:db:0f:7e:2e:f8:75:d0:f9:f0:72:80:51:3b:7e:b3:3b:53:e2Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wsock32

version

winmm

comctl32

mpr

wininet

psapi

iphlpapi

userenv

uxtheme

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

wtsapi32

Sections

Size: - Virtual size: 567KB

Size: - Virtual size: 191KB

Size: - Virtual size: 35KB

Size: - Virtual size: 622KB

Size: - Virtual size: 28KB

.vm_sec Size: - Virtual size: 32KB

.idata Size: - Virtual size: 4KB

🙇±¿ Size: - Virtual size: 311KB

.themida Size: - Virtual size: 3.7MB

.loadcon Size: - Virtual size: 4KB

C O M R Size: - Virtual size: 2KB

VM Segme Size: - Virtual size: 2.4MB

VM Segme Size: 6.5MB - Virtual size: 6.5MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 312KB - Virtual size: 311KB

72:e9:e9:03:9d:71:fa:85:4c:d0:0e:c2:c4:a0:0c:8c
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

fd:59:d4:b2:66:0d:d2:f4:20:1b:39:10:69:e3:db:0f:7e:2e:f8:75:d0:f9:f0:72:80:51:3b:7e:b3:3b:53:e2
Signer

.vm_sec
Size: - Virtual size: 32KB

.idata
Size: - Virtual size: 4KB

🙇±¿
Size: - Virtual size: 311KB

.themida
Size: - Virtual size: 3.7MB

.loadcon
Size: - Virtual size: 4KB

C O M R
Size: - Virtual size: 2KB

VM Segme
Size: - Virtual size: 2.4MB

VM Segme
Size: 6.5MB - Virtual size: 6.5MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 312KB - Virtual size: 311KB