privateloader | 208-301-0x00007FF7F7720000-0x00007FF7F8778000-memory[.]dmp

Sharing

Copy URL Twitter E-mail

General

Target

208-301-0x00007FF7F7720000-0x00007FF7F8778000-memory.dmp
Size

16.3MB
MD5

39d19ce6b0f1199b15d160bd6ba58977
SHA1

d5bbe29b4e71b778fc42bea7e4917cd82d5a684a
SHA256

8a2f890e947c3a41a404309f5301fb7c5c9c530ff14e6bf8e485b4902491e9bc
SHA512

e621595c514f75f3bfaecdae22e93adbbad228b05f76547063d133c1c4a0f87628a7adcddb825399e33504a99bc0a3ef7b4774433bc6c02b294a2e55ea3f6047
SSDEEP

393216:R5V2XF6vrsWVIn53oX3p9QNsGIOtW379:RWXovr/V2qXnQNsGIkex

Score

10^/10

themida privateloader

Malware Config

Signatures

Privateloader family
privateloader

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
208-301-0x00007FF7F7720000-0x00007FF7F8778000-memory.dmp

Files

208-301-0x00007FF7F7720000-0x00007FF7F8778000-memory.dmp
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp:"0
Size: - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp:"1
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp:"2
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp:"3
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_MEM_READ

.rsrc
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: - Virtual size: 3.1MB

Size: - Virtual size: 240KB

Size: - Virtual size: 73KB

Size: - Virtual size: 85KB

Size: - Virtual size: 252B

.vmp:"0 Size: - Virtual size: 173KB

Size: - Virtual size: 9KB

.idata Size: - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.themida Size: - Virtual size: 3.7MB

.vmp:"1 Size: - Virtual size: 2.6MB

.vmp:"2 Size: 2KB - Virtual size: 1KB

.vmp:"3 Size: 6.3MB - Virtual size: 6.3MB

.reloc Size: 512B - Virtual size: 172B

.rsrc Size: 89KB - Virtual size: 89KB

.vmp:"0
Size: - Virtual size: 173KB

.idata
Size: - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 3.7MB

.vmp:"1
Size: - Virtual size: 2.6MB

.vmp:"2
Size: 2KB - Virtual size: 1KB

.vmp:"3
Size: 6.3MB - Virtual size: 6.3MB

.reloc
Size: 512B - Virtual size: 172B

.rsrc
Size: 89KB - Virtual size: 89KB