privateloader | 2108-13-0x0000000000C50000-0x00000000015F0000-memory[.]dmp | Triage

Sharing

General

Target

2108-13-0x0000000000C50000-0x00000000015F0000-memory.dmp
Size

9.6MB
MD5

1686857daaf8b6f8b727f7530b3662a3
SHA1

0354d1e069da4d7d8c66a067b541b7e2be076f41
SHA256

b7a8c31ae39ed196a973ff16ad2e1997bb3221b85cc91ebffd9b4065231638ca
SHA512

ad3eb8fcf37cc05388b737bb01b7ab4be9f9c44fcda41522796296d1cecb99fdadf5947ccff2903110aa238181dcc7701351a7d416ee951eab4e0431fb2dac50
SSDEEP

196608:GGKoH7WaiUg6bHChXgA1F/MKdtUpiZvXhgeFO4y:PbtbHCZg+FEYwi9Xhgr4

Score

10^/10

themida privateloader risepro

Malware Config

Signatures

Privateloader family
privateloader
Risepro family
risepro

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2108-13-0x0000000000C50000-0x00000000015F0000-memory.dmp

Files

2108-13-0x0000000000C50000-0x00000000015F0000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 581KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 111KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 16KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 21KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ