darkcloud | 2180-157-0x0000000000400000-0x0000000000A2E000-memory[.]dmp | Triage

Sharing

General

Target

2180-157-0x0000000000400000-0x0000000000A2E000-memory.dmp
Size

6.2MB
MD5

88429b243c8fd293c5b071c16242ed4f
SHA1

14dab22aaf72d8ca8735b7912c7d06c08f2a445e
SHA256

5351e74855de9472677a45852eef01a486d7800106397091dd4561f1cbf7c817
SHA512

cb34af5d90dc8b84c052a128b14f1e34ef1740e3e8b3d0abcd75040b8eab784b0f195c1b6f7646d8f6d0811138b3a3ab326c2f3f0921d6de3a59a0554ad15d48
SSDEEP

196608:GbJLW/D9mSqCW+vocmvg6UTOS6aggXyS:GVCs0b1pXr

Score

10^/10

themida darkcloud

Malware Config

Extracted

Family

darkcloud

Attributes

email_from
[email protected]
email_to
[email protected]

Signatures

Darkcloud family
darkcloud

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

2180-157-0x0000000000400000-0x0000000000A2E000-memory.dmp
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 69KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 7B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 42KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ