d849f1f013d633d91a68258551a54b20246ea20b33775a7b29096f85d7f35bd5

Sharing

Copy URL

Twitter E-mail

General

Target

d849f1f013d633d91a68258551a54b20246ea20b33775a7b29096f85d7f35bd5
Size

5.0MB
MD5

c085dd87b5d18ee9c8ec38a2977440b5
SHA1

0a95ad0535baeef34122bddd80f99bb62ee3ad26
SHA256

d849f1f013d633d91a68258551a54b20246ea20b33775a7b29096f85d7f35bd5
SHA512

c398d6b66913123024ee5c96731e7b6e0e0f5f9a8f71c0efb352e410277e2d1d0e1e437b972f01801c71a698e6db9900d68d822ca20eac63c54932ca7fbcbdc1
SSDEEP

98304:OrgTFbeYp25aGhBrZXdAsjzAcu2tsnSDZc6K/jdZ/cAUdAEX9CrcGgDI1:nap7BrZN7w2un6/K//LEXEcxDI1

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
static1/unpack001/6ca26fbe131ceb76d05709c5df672110dc50148c791d8079eeb7d988025aef46	themida

Files

d849f1f013d633d91a68258551a54b20246ea20b33775a7b29096f85d7f35bd5
.7z

Password: infected
6ca26fbe131ceb76d05709c5df672110dc50148c791d8079eeb7d988025aef46
.exe windows:5 windows x86 arch:x86

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:31:e4:8d:08:06:5b:09:8f:84:e7:c5:10:33:60:74
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-03-2020 00:00

Not After

15-03-2023 12:00

Subject

CN=AVG Technologies USA\, LLC,OU=RE stapler cistodc,O=AVG Technologies USA\, LLC,L=Newton,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09-06-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:f4:ff:f5:d0:58:2f:82:df:31:86:e1:b2:72:ff:87:e4:39:54:66:f3:2c:4d:c7:4e:c9:69:f3:2d:7b:20:76
Signer

Actual PE Digest

48:f4:ff:f5:d0:58:2f:82:df:31:86:e1:b2:72:ff:87:e4:39:54:66:f3:2c:4d:c7:4e:c9:69:f3:2d:7b:20:76

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 75KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 125KB - Virtual size: 7.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 75B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 74B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 243KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vm_sec
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0e:31:e4:8d:08:06:5b:09:8f:84:e7:c5:10:33:60:74Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0Certificate

Extended Key Usages

Key Usages

48:f4:ff:f5:d0:58:2f:82:df:31:86:e1:b2:72:ff:87:e4:39:54:66:f3:2c:4d:c7:4e:c9:69:f3:2d:7b:20:76Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 75KB - Virtual size: 190KB

Size: 125KB - Virtual size: 7.1MB

Size: 512B - Virtual size: 75B

Size: 512B - Virtual size: 74B

.rsrc Size: 243KB - Virtual size: 243KB

.vm_sec Size: 96KB - Virtual size: 96KB

.idata Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 6.6MB

.boot Size: 4.6MB - Virtual size: 4.6MB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:31:e4:8d:08:06:5b:09:8f:84:e7:c5:10:33:60:74
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

48:f4:ff:f5:d0:58:2f:82:df:31:86:e1:b2:72:ff:87:e4:39:54:66:f3:2c:4d:c7:4e:c9:69:f3:2d:7b:20:76
Signer

.rsrc
Size: 243KB - Virtual size: 243KB

.vm_sec
Size: 96KB - Virtual size: 96KB

.idata
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 6.6MB

.boot
Size: 4.6MB - Virtual size: 4.6MB