privateloader | 2152-1-0x0000000001360000-0x0000000001FB7000-memory[.]dmp | Triage

Sharing

General

Target

2152-1-0x0000000001360000-0x0000000001FB7000-memory.dmp
Size

12.3MB
MD5

541139bdf076513a3b6828d68d7d42f4
SHA1

3b768f400f2d9d82b0ee88a8f0c5b076d37fd0be
SHA256

f0d5628b7b9d7ea2e45b8112de21444f6400bf0c33c0003b1edc4da882eaf099
SHA512

b5010e569c52fc2567b1bad4b6524e3fa3c0c88aaf40f612540f9a7d9c03efc12f4ca2492a4588f282e10ba15cebcea69b4c4f3bc9ef483d516eec26fd0c85f2
SSDEEP

393216:WbmN+btaR4WUv90HCZvcyglrzkbXQJEX:K+j45WHCwzkbgJo

Score

10^/10

vmprotect privateloader risepro

Malware Config

Extracted

Family

risepro

C2

194.169.175.123

Signatures

Privateloader family
privateloader
Risepro family
risepro

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2152-1-0x0000000001360000-0x0000000001FB7000-memory.dmp

Files

2152-1-0x0000000001360000-0x0000000001FB7000-memory.dmp
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 41KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ