darkcloud | 2032-66-0x0000000000400000-0x0000000000A9C000-memory[.]dmp | Triage

Sharing

General

Target

2032-66-0x0000000000400000-0x0000000000A9C000-memory.dmp
Size

6.6MB
MD5

c2152b4f38994488e6db76e225d82a27
SHA1

f559c01671ecc7f3e18b5f8daced43113b3b2aa3
SHA256

cc55ed901b6c6db589c06d669ad2c673f7ddc0a4827faadc3095b3c5e23b9fe9
SHA512

9d6fc7ed23e760305eeee7f6482bf107ba3c58d61dabd7e2ac5fb724c6e396d6c29f6f3cfd372db471d8e0c18342e56a4f61238ac25352b27eb1c642e017e061
SSDEEP

98304:RbZBXVeNTc4IfcaXQn16wbWfqlTaaAearH3pMIrYji4/22LxcAMa+hjqCZbS69ha:RbZuuVmWf6TaaAXrH3NrY3/2UjZknr3

Score

10^/10

themida darkcloud

Malware Config

Extracted

Family

darkcloud

Attributes

email_from
[email protected]
email_to
[email protected]

Signatures

Darkcloud family
darkcloud

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

2032-66-0x0000000000400000-0x0000000000A9C000-memory.dmp
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 69KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 7B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 42KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ