darkcloud | 1044-55-0x0000000000400000-0x0000000000A9C000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1044-55-0x0000000000400000-0x0000000000A9C000-memory.dmp
Size

6.6MB
MD5

299868640989f307b3027c3cb9bb42e2
SHA1

2b3ec310a667072919192392728fc43966a07233
SHA256

65b3f5dc2c25dcfccc481f2ade9becb83a2b016e7d1902b359b83a9896919285
SHA512

9239f099aa7ad73c2274b8ee0f19d9c7cfb6cee049cabc319ee775dc56239c6400da219cf905302c02cbd05039890e1f120a404d9686ed6c5ab55ef91e23c45c
SSDEEP

98304:RbZvt5CHsMOlfsj9CQJhwbWfqlTaaAearH3pMIrYji4/22LxcAMa+hjqCZbS69ha:RbZiTT6Wf6TaaAXrH3NrY3/2UjZknr3

Score

10^/10

themida darkcloud

Malware Config

Extracted

Family

darkcloud

Attributes

email_from
[email protected]
email_to
[email protected]

Signatures

Darkcloud family
darkcloud

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

1044-55-0x0000000000400000-0x0000000000A9C000-memory.dmp
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 69KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 7B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 42KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ