vipkeylogger | 2684-21-0x0000000033E70000-0x0000000033EC0000-memory[.]dmp | Triage

Sharing

General

Target

2684-21-0x0000000033E70000-0x0000000033EC0000-memory.dmp
Size

320KB
MD5

b5ac0f3d26c6ea337703a166db8fe715
SHA1

21781e36c3f2185c8e3bfe4e78c32e5b713fd2fb
SHA256

ecb2f1f54d828e8841384d5868dc73d78b61836422d99c4d4deeddcdea62e1ef
SHA512

fca8fc35ffce34d731144a077baca37dfdedc3aab4a960819dd5d48aa330a622766f13f7f372f54cfb8d67e491ddf6b169925cacb63b9079154b0070698bdb45
SSDEEP

6144:KOYlg+551FUbw4eAcaSqSaq4qQO+CAImloTtb3fFC5cFSbUbtFrb:glg+551FUbw4eAcaSqSaq4qQO+CAImly

Score

10^/10

keylogger stealer vipkeylogger

Malware Config

Extracted

Family

vipkeylogger

Signatures

Vipkeylogger family
vipkeylogger

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2684-21-0x0000000033E70000-0x0000000033EC0000-memory.dmp

Files

2684-21-0x0000000033E70000-0x0000000033EC0000-memory.dmp
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

_.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 289KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ