Behavioral task
behavioral1
Sample
2024-72-0x00000000012F0000-0x0000000001E0F000-memory.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-72-0x00000000012F0000-0x0000000001E0F000-memory.exe
Resource
win10v2004-20240226-en
General
-
Target
2024-72-0x00000000012F0000-0x0000000001E0F000-memory.dmp
-
Size
11.1MB
-
MD5
14ab329ac386fdc24cd230c077fdf645
-
SHA1
fa7ed65662d42293313bafa2ab7fcc69e1e61059
-
SHA256
8dfde516fde85af702e1a615869ef01b2f115db94d6450904cef888ac8888a0a
-
SHA512
4049c212809d8b9e7a835b83d8dd7f8c38f2be132613b82adf64a6620e04bb4c3e786c7902ab7f8aa0eabbcdd81aa9a97661c3a9887f0144ff7e214f149bb07d
-
SSDEEP
196608:MizNuN67Y9lSHHtsNFycufi6bezcNnsdEFQplutMut7hjkHHCs6slQ0ypilw:XzUlSHHuy3fTeJTpI7EHHCs6f8lw
Malware Config
Signatures
-
Privateloader family
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-72-0x00000000012F0000-0x0000000001E0F000-memory.dmp
Files
-
2024-72-0x00000000012F0000-0x0000000001E0F000-memory.dmp.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 168KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 3.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 5.3MB - Virtual size: 5.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 304KB - Virtual size: 304KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ