Behavioral task
behavioral1
Sample
2020-72-0x0000000001320000-0x0000000001D54000-memory.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2020-72-0x0000000001320000-0x0000000001D54000-memory.exe
Resource
win10v2004-20240226-en
General
-
Target
2020-72-0x0000000001320000-0x0000000001D54000-memory.dmp
-
Size
10.2MB
-
MD5
d592ad70d4a6b1049d5b8c8c12d3d55c
-
SHA1
632a0c501d69dac13848af938db9cad603284c2d
-
SHA256
de21a1cc63ccde8ba37225e6ea5bf29c3bfd419ba9353e055b5b1b331b3fc3f7
-
SHA512
40d17d6f56aa75b2bfda30c57f28f6c6804c18374b89c1c90133238c4ea817cac5cc7daf63e6b77d96d1040881033f86d54ed40e16aa50d72832ff9b027c4d7d
-
SSDEEP
196608:91bsh7n2poUPmj7ZhldGqKxkMgPyGxMB/XmlXUv5WdK4H2mI:LPpoUM/ldGVxkPyIwmmBWdKT
Malware Config
Signatures
-
Privateloader family
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2020-72-0x0000000001320000-0x0000000001D54000-memory.dmp
Files
-
2020-72-0x0000000001320000-0x0000000001D54000-memory.dmp.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 168KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 4.7MB - Virtual size: 4.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 874KB - Virtual size: 874KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ