privateloader | 2648-2-0x0000000000BB0000-0x00000000016A2000-memory[.]dmp | Triage

Sharing

General

Target

2648-2-0x0000000000BB0000-0x00000000016A2000-memory.dmp
Size

10.9MB
MD5

366f7010a83f827f5713f4989020fba7
SHA1

ef657657854f995a4d9bdb2b4b946aa02726a982
SHA256

fd2304626a609f528dc4e59d118171a8adc2be3560a4ddc20cadb47138e685c7
SHA512

9449fc5e69026f4117607703353e2a20c37b6cc024e85d892690660cad742a605d4b35991ea2bd4d4bed377336aac04a494830ad5aca4b0adfb2e987cf2223b8
SSDEEP

196608:OZ73+IiO1IxYndIJnxlrkp26QGBxuSmwb1nxbAsDMsZaBbKlwzMyQY2:O5M0+J3UJBxu9wxnx8sAqwKliXp2

Score

10^/10

vmprotect privateloader

Malware Config

Signatures

Privateloader family
privateloader

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2648-2-0x0000000000BB0000-0x00000000016A2000-memory.dmp

Files

2648-2-0x0000000000BB0000-0x00000000016A2000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 704KB - Virtual size: 744KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ