privateloader | 4168-238-0x00007FF725800000-0x00007FF72623B000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4168-238-0x00007FF725800000-0x00007FF72623B000-memory.dmp
Size

10.2MB
MD5

910a50705e6221f78aec550c651ce747
SHA1

6e3d20c5041e34f9145e2107f33c10b602dc56f2
SHA256

80322a56fef06977f2020f3b9a527528b2ff974daf17566900636b49eee1d05b
SHA512

e766d56f8d5de700ff91da5dc733603a6bb3f67d6b0e9385fab76c200f0c0c0cc52abca9fe073bde935e57bd982f263cd2038c0c54c99c7d6a1d29c181b7dc78
SSDEEP

196608:/SugSHHFfwhO46rhMO1tdHTGOEybFhlszu97:7VFfyO111tl1E63szu97

Score

10^/10

privateloader

Malware Config

Signatures

Privateloader family
privateloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4168-238-0x00007FF725800000-0x00007FF72623B000-memory.dmp

Files

4168-238-0x00007FF725800000-0x00007FF72623B000-memory.dmp
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp®0
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp®1
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp®2
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 380KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ