574fde2396a55cda67addf09ae80dc421042546c1e48b42740f0e11bf298adf9

Sharing

Copy URL

Twitter E-mail

General

Target

574fde2396a55cda67addf09ae80dc421042546c1e48b42740f0e11bf298adf9
Size

3.3MB
MD5

907a29c80673afe62260166bbcf6fbfd
SHA1

f673286dfb46519686ae908a4753a91a107e561b
SHA256

574fde2396a55cda67addf09ae80dc421042546c1e48b42740f0e11bf298adf9
SHA512

817d51da5f5d8d01afbfb3e114dcf8c6eae07e6e25eaef54f92070a8dba1e643e6f8b01cc7fc86d07cd08cc1476177ee4e0c14705831cebc5fa9c91d46ab333b
SSDEEP

98304:Q9do0AuwSg8UkzHJ7Bfqyv2M5tKMAYvE+nJ+zxFKp:QQuDgtGJ75L2IIKpqMp

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/Discord Nitro Gen.exe	themida

Files

574fde2396a55cda67addf09ae80dc421042546c1e48b42740f0e11bf298adf9
.zip

Password: infected
Discord Nitro Gen.exe
.exe windows:4 windows x86 arch:x86

Code Sign

24:69:26:63:ef:6c:0c:0a:3b:23:cf:a3:10:c3:64:9b
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

16-03-2018 00:00

Not After

16-03-2022 23:59

Subject

CN=Akeo Consulting,O=Akeo Consulting,POSTALCODE=F92 D667,STREET=24 Grey Rock,L=Milford,ST=Co. Donegal,C=IE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

9c:fd:75:2b:16:83:c6:12:6c:c7:93:f1:ea:3b:aa:d4:2e:fa:77:7e:23:db:fa:50:26:bd:9c:da:3c:51:d3:2f
Signer

Actual PE Digest

9c:fd:75:2b:16:83:c6:12:6c:c7:93:f1:ea:3b:aa:d4:2e:fa:77:7e:23:db:fa:50:26:bd:9c:da:3c:51:d3:2f

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 42KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vm_sec
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

24:69:26:63:ef:6c:0c:0a:3b:23:cf:a3:10:c3:64:9bCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

9c:fd:75:2b:16:83:c6:12:6c:c7:93:f1:ea:3b:aa:d4:2e:fa:77:7e:23:db:fa:50:26:bd:9c:da:3c:51:d3:2fSigner

Headers

DLL Characteristics

File Characteristics

Sections

Size: 42KB - Virtual size: 96KB

Size: 24KB - Virtual size: 23KB

Size: 1024B - Virtual size: 12B

.vm_sec Size: 16KB - Virtual size: 16KB

.idata Size: 1024B - Virtual size: 8KB

.rsrc Size: 24KB - Virtual size: 23KB

.themida Size: - Virtual size: 5.5MB

.boot Size: 3.2MB - Virtual size: 3.2MB

24:69:26:63:ef:6c:0c:0a:3b:23:cf:a3:10:c3:64:9b
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

9c:fd:75:2b:16:83:c6:12:6c:c7:93:f1:ea:3b:aa:d4:2e:fa:77:7e:23:db:fa:50:26:bd:9c:da:3c:51:d3:2f
Signer

.vm_sec
Size: 16KB - Virtual size: 16KB

.idata
Size: 1024B - Virtual size: 8KB

.rsrc
Size: 24KB - Virtual size: 23KB

.themida
Size: - Virtual size: 5.5MB

.boot
Size: 3.2MB - Virtual size: 3.2MB