privateloader | 4300-194-0x00007FF60ACA0000-0x00007FF60B368000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4300-194-0x00007FF60ACA0000-0x00007FF60B368000-memory.dmp
Size

6.8MB
MD5

d8c8ee5e60b14bbb592ff653ab69cb88
SHA1

4d71e9cb7e14d4d083dfd27608fe7b910ec1caa4
SHA256

4e6be4c9a91342b799aede4d52415688db425d3d7a9e41026e4113cfbec447e1
SHA512

76b4e552bd824d1f1549bfad1dbb9404d0f050b8b51fd6fff0e3199e1855f82866ba9d6f7bbd420389f0e9266251c56f1b5281a4e6db78a4717ad97b770bdb51
SSDEEP

98304:DSuYO5KlJJDi7JduoFW2GMG+/q10mo104h2JnAURnQYHu:DSutglKbUh14q+mo1NSnAUZH

Score

10^/10

vmprotect privateloader

Malware Config

Signatures

Privateloader family
privateloader

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4300-194-0x00007FF60ACA0000-0x00007FF60B368000-memory.dmp

Files

4300-194-0x00007FF60ACA0000-0x00007FF60B368000-memory.dmp
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 536KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 287KB - Virtual size: 359KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ