systembc | 1940-54-0x0000000000400000-0x0000000000C1E000-memory[.]dmp | Triage

Sharing

General

Target

1940-54-0x0000000000400000-0x0000000000C1E000-memory.dmp
Size

8.1MB
MD5

c5d6ff3bb9781c083b0967729d4a4758
SHA1

341f4a84067c265b93c20cfb5fd83e1106329823
SHA256

bc4bcf67029b695ec5925bb97ff5cf8028c84e0277626f894ff507bd3ee4ffb0
SHA512

ab1646b14db3fc8a160c6a3483562e3208cde30b7b8b9d9ce27a51933967cac17579084920de219ca49a99e312efc3539af97c42642f623ace894eff7f6adbb4
SSDEEP

196608:pQhCvO+ChR6GWCQS15EK+OvSMYYN3Kf4PalECQZHpzRkNLMDkDY:RdiOO6MlG3lfSHuns

Score

10^/10

vmprotect systembc

Malware Config

Extracted

Family

systembc

C2

mininglivepools.com:4246

myprettysocks.com:4246

Signatures

Systembc family
systembc
VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

Files

1940-54-0x0000000000400000-0x0000000000C1E000-memory.dmp
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 642KB - Virtual size: 642KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Ux,
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.>uw
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.p=/
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ