privateloader | 1600-190-0x00007FF7DBCD0000-0x00007FF7DC97A000-memory[.]dmp

Sharing

Copy URL

Twitter E-mail

General

Target

1600-190-0x00007FF7DBCD0000-0x00007FF7DC97A000-memory.dmp
Size

12.7MB
MD5

e98cb66cf8312b78525c7395af154ecb
SHA1

c3659d9897f8759cfedc7d5368778c65e2d5dc3f
SHA256

8cb0f26a8aca39495ca702a9d3c42f796a71b5ce7de2cf20c8f4df3a3f0ded29
SHA512

79278d4a6ca3e17990b5becaf4ddc2c41d520f6c1bd7f4f3be0da355e134df3df8ec3dc188021bccbcf83b8e39c3913c5742443457d1925f74369d466d89adc1
SSDEEP

98304:QxrKaZWkjgvIasF32wXC9dbJb0bc2QXyiXf2KaP5DA1mdr0hKuJ45CpEaNiY51sI:yOaZMAB2wXC9Nd0odyiXzg/drUm5/e

Score

10^/10

themida privateloader

Malware Config

Signatures

Privateloader family
privateloader

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1600-190-0x00007FF7DBCD0000-0x00007FF7DC97A000-memory.dmp

Files

1600-190-0x00007FF7DBCD0000-0x00007FF7DC97A000-memory.dmp
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.7z0
Size: - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.7z1
Size: - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.7z2
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.7z3
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_READ

.rsrc
Size: 219KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: - Virtual size: 3.1MB

Size: - Virtual size: 240KB

Size: - Virtual size: 73KB

Size: - Virtual size: 85KB

Size: - Virtual size: 252B

.7z0 Size: - Virtual size: 220KB

Size: - Virtual size: 9KB

.idata Size: - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.themida Size: - Virtual size: 4.5MB

.7z1 Size: - Virtual size: 270KB

.7z2 Size: 1024B - Virtual size: 960B

.7z3 Size: 4.0MB - Virtual size: 4.0MB

.reloc Size: 5KB - Virtual size: 5KB

.rsrc Size: 219KB - Virtual size: 220KB

.7z0
Size: - Virtual size: 220KB

.idata
Size: - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 4.5MB

.7z1
Size: - Virtual size: 270KB

.7z2
Size: 1024B - Virtual size: 960B

.7z3
Size: 4.0MB - Virtual size: 4.0MB

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 219KB - Virtual size: 220KB