privateloader | 2556-54-0x000000013F210000-0x000000013FC46000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2556-54-0x000000013F210000-0x000000013FC46000-memory.dmp
Size

10.2MB
MD5

d73dc5514b28ad31652c6956ef5b8ba3
SHA1

7bdcf77d339635c9a71c898efc626ed692209126
SHA256

7116221bf1786c80cececca8592d33fd3883b6cfd1aad9b6a8e06460bb09b687
SHA512

a5d87714a4b186ad88418e44d77db1c14a53338d54bd96fa550dbd05188c9c0f5ad9db0d8f1094609b1386a9f24b03e348052e71d95474ab7957220f7f671b94
SSDEEP

98304:AONjOg4aPT40wU9eMBX9etxV06LdxV9QflRBhPDkNWLA9VPhO6v7zyod7rEsOR:Aw6gPwkJ6xV0cdn9QTPDIfVbdd7wzR

Score

10^/10

privateloader

Malware Config

Signatures

Privateloader family
privateloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2556-54-0x000000013F210000-0x000000013FC46000-memory.dmp

Files

2556-54-0x000000013F210000-0x000000013FC46000-memory.dmp
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp;""@
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp;""@
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp;""@
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 146KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ