privateloader | 604-55-0x0000000000D30000-0x00000000017D9000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

604-55-0x0000000000D30000-0x00000000017D9000-memory.dmp
Size

10.7MB
MD5

8e983da0d16b4a636fb495a3dbfddd08
SHA1

5ae0c88bdc332807c97085e6ec2eedd2b9e82199
SHA256

8b0ffec2175c846d77bfe3ee206a3b953ed8caa45c2bac98d2a98e5865cce373
SHA512

c5a8c52070b6e258aa829fadcf78b9299da7dd5677d07e828f43f073af4ab6b70c20d0ebacc0b088be0064cfd2fff6c989bfe6da1c7c747ec241c2341df73cbc
SSDEEP

196608:3ES0nqvHkjD/aKXKdr+YcfKhsI4F/YCN/tF1vzenbfauJLaY4NAi4osI3jhMSN:0S8D/aKHF2s3F/YM9zebfnLa1Adoss

Score

10^/10

vmprotect privateloader

Malware Config

Signatures

Privateloader family
privateloader

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Files

604-55-0x0000000000D30000-0x00000000017D9000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 266KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ