privateloader | 2808-56-0x0000000000FD0000-0x000000000139C000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2808-56-0x0000000000FD0000-0x000000000139C000-memory.dmp
Size

3.8MB
MD5

d50f1b8512e70625644b3f3e377f775c
SHA1

6cd0358ff0be8815a56d7b28954cc20cd5b57548
SHA256

ef17e26392c8faf308c9acb82869deb5841efe8b31183400931ab0973b6b04b0
SHA512

0c52d45a0f2d9daa0c02bb51f8b3ab34dece8ae6b774df226d04d13fb2221d43f57ae61aa8f75d8b7e4b999d8082ed8855ae620cb519c877a685452d1ce72d8e
SSDEEP

98304:Za/xvHtUkOUUOtp5/TDoYj3QOwjy/LnmyiU4vwZyi:Za/ltUkOsVffjl6yiU4v

Score

10^/10

themida privateloader

Malware Config

Signatures

Privateloader family
privateloader

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2808-56-0x0000000000FD0000-0x000000000139C000-memory.dmp

Files

2808-56-0x0000000000FD0000-0x000000000139C000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 441KB - Virtual size: 850KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 90KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ