privateloader | 1108-56-0x0000000000220000-0x00000000004FB000-memory[.]dmp | Triage

Sharing

General

Target

1108-56-0x0000000000220000-0x00000000004FB000-memory.dmp
Size

2.9MB
MD5

1e680dfec9ce3caa7609c1c1bb77e845
SHA1

6237cc82751913b4f50dbd96834197ad892b050d
SHA256

85a04d961a4abbad5f43f6584f305aaeb9bf74f4b2822e6b0781f6ce00e94492
SHA512

ce2138a39ea0dc780f1b5a35d89cd44a839de6d1ac2dfbe5e408c5e7af20d8981bdd43e2b5d526a34d6e8b8032a74d90a4eaec24c81e7c1416b748bc409a8527
SSDEEP

24576:36vdE/6HkesgS6SWlXIrdYaqh2FVRAAn4VOK6OyyDGOkuQ/nv7H705J9qjUb0AeK:AI8n2S2oGvQy3qIoqS0SGzxuF

Score

10^/10

themida privateloader

Malware Config

Signatures

Privateloader family
privateloader
Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Files

1108-56-0x0000000000220000-0x00000000004FB000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 55KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 11KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vm_sec
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE