Behavioral task
behavioral1
Sample
1580-54-0x00000000012F0000-0x000000000254D000-memory.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1580-54-0x00000000012F0000-0x000000000254D000-memory.exe
Resource
win10v2004-20240226-en
General
-
Target
1580-54-0x00000000012F0000-0x000000000254D000-memory.dmp
-
Size
18.4MB
-
MD5
b55a0b0c4fc823f8c93dd4098d4b5163
-
SHA1
a69f5610ae9ced92cfab9a3804a073533414b806
-
SHA256
73e07add07f8fb673e360f0a0ed9d831432fb4d7a6de43e4230af9123ccca719
-
SHA512
662b98517e1c902bf7900cab0f357c1051421cbcfe04665a70194a1119391d238ab4912d502d63fcb93cb0fd22354acf34ec1654d767b6bf7803b68b6dcb577f
-
SSDEEP
196608:tNecIB/0NccP+Z4cTzo68v3LSA74wFUV5:/Oi+Tzo6ex4cUV5
Malware Config
Signatures
-
Privateloader family
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1580-54-0x00000000012F0000-0x000000000254D000-memory.dmp
Files
-
1580-54-0x00000000012F0000-0x000000000254D000-memory.dmp.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 168KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 4.0MB - Virtual size: 4.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 204KB - Virtual size: 10.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ