Behavioral task
behavioral1
Sample
1412-57-0x0000000001090000-0x0000000001CEB000-memory.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1412-57-0x0000000001090000-0x0000000001CEB000-memory.exe
Resource
win10v2004-20240226-en
General
-
Target
1412-57-0x0000000001090000-0x0000000001CEB000-memory.dmp
-
Size
12.4MB
-
MD5
7683d0d7898c16ec527c6fb40ade0928
-
SHA1
212290f9465ac4268408092f2e6799fb4b8bfcb4
-
SHA256
1da6cf1c20f9f35db71dd476dc07bbcd55d4ddeaf0b8156d0919d7a0139b7ba2
-
SHA512
0566ae7bbecf8b6db783fb705d4bf5e8c275fc46f30daacc0f35b335c76edabcca12f82b09e9e79b22337a3c825e61fffd18d7acca545a30423bf4ced387e15b
-
SSDEEP
393216:YgsLSR4gJ83nVBKAH2RlF/eemQdnx6ysK:YA4RXmAHSrmQSw
Malware Config
Signatures
-
Privateloader family
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1412-57-0x0000000001090000-0x0000000001CEB000-memory.dmp
Files
-
1412-57-0x0000000001090000-0x0000000001CEB000-memory.dmp.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 168KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 3.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 6.3MB - Virtual size: 6.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 223KB - Virtual size: 562KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ