privateloader | 1032-54-0x0000000000920000-0x0000000000EF1000-memory[.]dmp | Triage

Sharing

General

Target

1032-54-0x0000000000920000-0x0000000000EF1000-memory.dmp
Size

5.8MB
MD5

4cf50e8ea9bb01b20dcfbae336171fdd
SHA1

714919355ea7511d436367ace7418bc29d6a5706
SHA256

b809cecd61abbbf87c0d4f618488a17709d0dfa5a2fabf803fecb7c6156a5e21
SHA512

6e1bbaa8dc4d25532c6b9fc7a95241e077c2a6e50f37a7c933a162baa7530ada3cb4558edb46ed74a456120d16813dcccdfffb4f56dfc925a86559f2d537f22a
SSDEEP

98304:bNkALnzBWGvGaN7E5e3+AnB3YnHsW3A7elWCHffOVMyMDdkgNw55HkVpBeQ:bxnzysN+kOHsW3UerHfSnedzA5EVR

Score

10^/10

vmprotect privateloader

Malware Config

Signatures

Privateloader family
privateloader
VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

Files

1032-54-0x0000000000920000-0x0000000000EF1000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.!!!! 0
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 172KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ