systembc | 2536-2-0x00007FFFA1910000-0x00007FFFA1C9D000-memory[.]dmp | Triage

Sharing

General

Target

2536-2-0x00007FFFA1910000-0x00007FFFA1C9D000-memory.dmp
Size

3.6MB
MD5

09533e8c81f02452e5604dfafdf0b376
SHA1

0a5e9e26035940f04d95e9b930584bddd31648b6
SHA256

8c777bbab0ba3f129e36c205a6a1d047cce646e9252a5974f45f0bb93a9e0c05
SHA512

c42b71f984e0bd48ca783187712ce629ecdc9abba01bddf93d393048183dbd0574c2a2086214b09d63a97131513f0ae81550380703d7c86c5efb1faccd884aae
SSDEEP

49152:Njy6Iy3Zs9qu8moH+xNSJJ1LKz+JsK47K:o62RyLqe

Score

10^/10

themida systembc

Malware Config

Extracted

Family

systembc

C2

5.42.65.67:4298

localhost.exchange:4298

Signatures

Systembc family
systembc
Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2536-2-0x00007FFFA1910000-0x00007FFFA1C9D000-memory.dmp

Files

2536-2-0x00007FFFA1910000-0x00007FFFA1C9D000-memory.dmp
.dll windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 595B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE