privateloader | 1216-62-0x0000000000870000-0x000000000242A000-memory[.]dmp

Sharing

Copy URL

Twitter E-mail

General

Target

1216-62-0x0000000000870000-0x000000000242A000-memory.dmp
Size

27.7MB
MD5

7317b578316f9ba61d790424873cce81
SHA1

e0502f5613d5f7736be25a603d7bd2aa21af4f4c
SHA256

1f463c430cbf360b1d2b125ff6158f6c28e629272cce92e5e10ccf64e4bc5112
SHA512

264407d3e5099f0cb74940b4206509ba7e0b5fd37f005c58a1faacf5290f235e50e127bf174bd9fae65d54c0a67423e7e70e4f77887a4420711aae11bc6b12ec
SSDEEP

393216:7/EMZSCTWLwZNzaBGKzES9jR4mpiu7hv9N3klfAD:z5ZSGWkjzaMbAi6Vulf

Score

10^/10

themida privateloader

Malware Config

Signatures

Privateloader family
privateloader

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1216-62-0x0000000000870000-0x000000000242A000-memory.dmp

Files

1216-62-0x0000000000870000-0x000000000242A000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 12.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ

.rsrc
Size: 113KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: - Virtual size: 1.5MB

Size: - Virtual size: 164KB

Size: - Virtual size: 41KB

Size: - Virtual size: 12.3MB

Size: - Virtual size: 29KB

.idata Size: - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 115KB

.themida Size: - Virtual size: 3.1MB

.boot Size: - Virtual size: 1.9MB

.vmp1 Size: - Virtual size: 1.4MB

.vmp2 Size: 7.1MB - Virtual size: 7.1MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 113KB - Virtual size: 114KB

.idata
Size: - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 115KB

.themida
Size: - Virtual size: 3.1MB

.boot
Size: - Virtual size: 1.9MB

.vmp1
Size: - Virtual size: 1.4MB

.vmp2
Size: 7.1MB - Virtual size: 7.1MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 113KB - Virtual size: 114KB