Behavioral task: behavioral1
Sample: 1344-54-0x0000000000D10000-0x00000000016A9000-memory.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 1344-54-0x0000000000D10000-0x00000000016A9000-memory.exe
Resource: win10v2004-20230220-en
General
Target: 1344-54-0x0000000000D10000-0x00000000016A9000-memory.dmp
Size: 9.6MB
MD5: f76473194979659c0abb8bfa276ba422
SHA1: 7ecdc83797c4cea62496713313ed3a5b8d7362cf
SHA256: 073955cdc1592071456c899de279f50a1c300e15192f56724c4ab2885f443fcf
SHA512: 567abc2d5eed22e95370a43ea21dfd8790f44bcf01d38850532af9a7e29267e90cc638867f50d2d3e125dc0c4d0d2eb67cdcea79191c7be26d75deedbc4c7d68
SSDEEP: 196608:ls6dnJ8vMeGFv93aaPN6wquldLsy8lSB3baMxp2Qta4O7NADtV6v+:fSev93a86wqu4y8Q3bdxMD7
Malware Config
Signatures
Privateloader family
Processes:
resource  yara_rule
sample    vmprotect
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 1344-54-0x0000000000D10000-0x00000000016A9000-memory.dmp
Files
-
1344-54-0x0000000000D10000-0x00000000016A9000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 168KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 4.4MB - Virtual size: 4.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 216KB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ