Behavioral task: behavioral1
Sample: 1636-55-0x0000000000E60000-0x0000000001914000-memory.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: 1636-55-0x0000000000E60000-0x0000000001914000-memory.exe
Resource: win10v2004-20220901-en
General
Target: 1636-55-0x0000000000E60000-0x0000000001914000-memory.dmp
Size: 10.7MB
MD5: 4b2585064b1198b241b4804084c5d537
SHA1: ae435b005de913fc39bfecf46eac29d884c8af3a
SHA256: 922935e541ccd906138d1cf5713debd6478bef05e41ea55b041d0dc9572e51e1
SHA512: 0e278a620b609a0b58da4021c12a5b7e56e8dfeef47314cbc62e9a0d1b951b9c0297804d9e155d47cb3bbf920042b46d6a1cea84cf0261a6960985a2bc9b088e
SSDEEP: 196608:cYA/R157z18OuCNF35t1buVsqg1PnTxg4wv0YmWK8BNyuEFUq6ci4osI3jhMSN:m/7Tu20VxsfTU08Nt6UEdoss
Malware Config
Signatures
Privateloader family
Processes:
resource yara_rule sample vmprotect
Files
1636-55-0x0000000000E60000-0x0000000001914000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 163KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 4.7MB - Virtual size: 4.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 835KB - Virtual size: 2.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ