privateloader | 116-440-0x00007FF6D01B0000-0x00007FF6D12AC000-memory[.]dmp

Sharing

Copy URL Twitter E-mail

General

Target

116-440-0x00007FF6D01B0000-0x00007FF6D12AC000-memory.dmp
Size

17.0MB
MD5

17af466a21380dcae6f8158a80b2c819
SHA1

77a442a3830465d861220a5ca3fa9a3e1f59c68e
SHA256

327511a6801cb2889f213ae8396113b32a1d2cf6b48f02fec8879a76852aa7f4
SHA512

ad2d2f4c6a460c5042d7608614b9e60d28c0d854213ce027e6159ed706101381a26e7f18a1b636ddd9829d778d97a07fdd93127e6b19403e9401d7fcc88eeb6d
SSDEEP

196608:xOaZuq9poZD+jDzVzgLwUirmqKE5ojPzfgGPl/XtXY5IVPLPVbXvGmBB7q:sQ9pBdNUiJzOjblPlPtI5yLt75BRq

Score

10^/10

themida privateloader

Malware Config

Signatures

Privateloader family
privateloader

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
116-440-0x00007FF6D01B0000-0x00007FF6D12AC000-memory.dmp

Files

116-440-0x00007FF6D01B0000-0x00007FF6D12AC000-memory.dmp
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp<O>
Size: - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp<7>
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp<h>
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp< >
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_MEM_READ

.rsrc
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: - Virtual size: 3.1MB

Size: - Virtual size: 240KB

Size: - Virtual size: 73KB

Size: - Virtual size: 85KB

Size: - Virtual size: 252B

.vmp<O> Size: - Virtual size: 225KB

Size: - Virtual size: 9KB

.idata Size: - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.themida Size: - Virtual size: 4.1MB

.vmp<7> Size: - Virtual size: 2.5MB

.vmp<h> Size: 2KB - Virtual size: 1KB

.vmp< > Size: 6.5MB - Virtual size: 6.5MB

.reloc Size: 512B - Virtual size: 184B

.rsrc Size: 142KB - Virtual size: 141KB

.vmp<O>
Size: - Virtual size: 225KB

.idata
Size: - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 4.1MB

.vmp<7>
Size: - Virtual size: 2.5MB

.vmp<h>
Size: 2KB - Virtual size: 1KB

.vmp< >
Size: 6.5MB - Virtual size: 6.5MB

.reloc
Size: 512B - Virtual size: 184B

.rsrc
Size: 142KB - Virtual size: 141KB