privateloader | 2964-0-0x000000013F950000-0x0000000140021000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2964-0-0x000000013F950000-0x0000000140021000-memory.dmp
Size

6.8MB
MD5

5cf8c092d2c12050b8ab295cbeb53a4c
SHA1

68e8f0d99fce1d45a57ce5333c828f67857f1b59
SHA256

76f5497872a173e3e1c07185f54697898a6d60a5c566791409be8fd44ea8d96e
SHA512

7e04ce53c408cc6603859b69f583eec493a1e4eb999653d6e12aeeef7c72baea3b7d29c7e2bf82a9a11c4c0fc174e0b997bce7f22f0ad4ce37ad03cbeb06ba02
SSDEEP

98304:vxwKvbDn6nMDhh9giYkCIHPigYPPXdq2e2JejdUPo0e2lA:JRvbDRjaiYk5qgYnQ7SemPo0e3

Score

10^/10

vmprotect privateloader

Malware Config

Signatures

Privateloader family
privateloader

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2964-0-0x000000013F950000-0x0000000140021000-memory.dmp

Files

2964-0-0x000000013F950000-0x0000000140021000-memory.dmp
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 547KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 129KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ