b45668e08c03024f2432ff332c319131[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

b45668e08c03024f2432ff332c319131.exe
Size

3.4MB
MD5

b45668e08c03024f2432ff332c319131
SHA1

4bef9109eaeace4107c47858eef2d9d3487e45f0
SHA256

4b5a876b1c230b28c0862d5f8158b3657016709855bf3329d8fea6cada3adbfe
SHA512

538c8471fc0313e68885d4d09140ec3e3374af3464af626195b6387a67b9bae9c3c9fd369d9dc7965decc182d13e8bbf95b4cf96b5ffc78af5d7904d59325bbc
SSDEEP

98304:MHKnK7qkC+8TMGHgWnvLBQ0YXpS3KZFc6LUARABDgAj:MqKYx9zu0YpSaZFcJA6BDga

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

b45668e08c03024f2432ff332c319131.exe
.exe windows:4 windows x86 arch:x86

Code Sign

51:1b:ab:c2:e5:a2:62:8a:42:f1:1a:c0:1c:51:74:82
Certificate

Issuer

CN=ViewSony game mode plus

Not Before

23-10-2024 13:53

Not After

24-10-2034 13:53

Subject

CN=ViewSony game mode plus

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15-01-2024 00:00

Not After

14-04-2035 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22-03-2021 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:d9:fa:d9:e6:e5:dc:e1:aa:33:a4:69:f2:ff:4b:04:e5:ab:08:8a:51:4f:23:6a:87:4c:9f:c9:7c:e3:cf:45
Signer

Actual PE Digest

7c:d9:fa:d9:e6:e5:dc:e1:aa:33:a4:69:f2:ff:4b:04:e5:ab:08:8a:51:4f:23:6a:87:4c:9f:c9:7c:e3:cf:45

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 1.2MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 78KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

51:1b:ab:c2:e5:a2:62:8a:42:f1:1a:c0:1c:51:74:82Certificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89Certificate

Extended Key Usages

Key Usages

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3fCertificate

Extended Key Usages

Key Usages

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68Certificate

Extended Key Usages

Key Usages

7c:d9:fa:d9:e6:e5:dc:e1:aa:33:a4:69:f2:ff:4b:04:e5:ab:08:8a:51:4f:23:6a:87:4c:9f:c9:7c:e3:cf:45Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 1.2MB - Virtual size: 1.3MB

Size: 78KB - Virtual size: 143KB

Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

.rsrc Size: 131KB - Virtual size: 131KB

.themida Size: - Virtual size: 4.9MB

.boot Size: 2.0MB - Virtual size: 2.0MB

51:1b:ab:c2:e5:a2:62:8a:42:f1:1a:c0:1c:51:74:82
Certificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

7c:d9:fa:d9:e6:e5:dc:e1:aa:33:a4:69:f2:ff:4b:04:e5:ab:08:8a:51:4f:23:6a:87:4c:9f:c9:7c:e3:cf:45
Signer

.idata
Size: 512B - Virtual size: 8KB

.rsrc
Size: 131KB - Virtual size: 131KB

.themida
Size: - Virtual size: 4.9MB

.boot
Size: 2.0MB - Virtual size: 2.0MB