privateloader | 2664-24-0x00000000001F0000-0x00000000011A5000-memory[.]dmp

Sharing

Copy URL Twitter E-mail

General

Target

2664-24-0x00000000001F0000-0x00000000011A5000-memory.dmp
Size

15.7MB
MD5

60bb4c906a38cf0b7fc7b19616f4aaf0
SHA1

7ea50122f6c2c9026afee89c41b67e6054e75a33
SHA256

12f9479241efa4960c2d65a66ee491abbc9e1b6e238477fa526478abb677d4bf
SHA512

8cccdb7a54cc252ab03d13ad9870d2b45b2d2404cf705b7c2b1f177d26e586fdd65265e67587a1fc6a9bab3e3f61f3d557a89812b7641894076bdb32f6df2ee1
SSDEEP

393216:Zb8NtIztMRl3TV4lYBmbFI4+LcRKm6x7/:l6qMilYBmbFQ1x

Score

10^/10

themida privateloader risepro

Malware Config

Signatures

Privateloader family
privateloader
Risepro family
risepro

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2664-24-0x00000000001F0000-0x00000000011A5000-memory.dmp

Files

2664-24-0x00000000001F0000-0x00000000011A5000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 857KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

./PING/0
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

./PING/1
Size: - Virtual size: 896KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

./PING/2
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

./PING/3
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: - Virtual size: 1.0MB

Size: - Virtual size: 203KB

Size: - Virtual size: 13KB

Size: - Virtual size: 857KB

Size: - Virtual size: 32KB

.idata Size: - Virtual size: 4KB

./PING/0 Size: - Virtual size: 100KB

.themida Size: - Virtual size: 4.7MB

.boot Size: - Virtual size: 2.4MB

./PING/1 Size: - Virtual size: 896KB

./PING/2 Size: 1024B - Virtual size: 516B

./PING/3 Size: 5.4MB - Virtual size: 5.4MB

.reloc Size: 7KB - Virtual size: 6KB

.rsrc Size: 99KB - Virtual size: 99KB

.idata
Size: - Virtual size: 4KB

./PING/0
Size: - Virtual size: 100KB

.themida
Size: - Virtual size: 4.7MB

.boot
Size: - Virtual size: 2.4MB

./PING/1
Size: - Virtual size: 896KB

./PING/2
Size: 1024B - Virtual size: 516B

./PING/3
Size: 5.4MB - Virtual size: 5.4MB

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 99KB - Virtual size: 99KB