privateloader | 1256-55-0x0000000000250000-0x000000000088A000-memory[.]dmp | Triage

Sharing

General

Target

1256-55-0x0000000000250000-0x000000000088A000-memory.dmp
Size

6.2MB
MD5

75a658e3c12cb17a039f9d0f125e3212
SHA1

3893c4dbc89c4d48e7dde707cc153cc75970c41c
SHA256

e3366b55ad420f9cc9bdf4607c678e6de9a06e3f7fd79d0f7f0200cc5cedc0e2
SHA512

3a9eb08aab5533cd770c0032a52506be58c4bc38fc707b3c5d96ae283d6f770971509c8ecd1be755dbb609029c92b3d5fa89bef2abc6f5d0ea85437dbfe5d9b6
SSDEEP

98304:Da/GvjUcYOwAL6zpdu2za72aNuBsfC4tKesJ7RfgY6Xo0oJepfzNYQzoV4wt:Da/kUcYOLL6QXuafCZxgYQoOprNYQk

Score

10^/10

themida privateloader

Malware Config

Signatures

Privateloader family
privateloader

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1256-55-0x0000000000250000-0x000000000088A000-memory.dmp

Files

1256-55-0x0000000000250000-0x000000000088A000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 441KB - Virtual size: 850KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 89KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 679KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ