General

Malware Config

Signatures

Files

• loader.exe

  .exe windows x64

  15fd01fb7e6ca57c8d5b667e1bfac6f6

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  Wow64DisableWow64FsRedirection

  GetSystemTimeAsFileTime

  LocalAlloc

  LocalFree

  GetModuleFileNameW

  GetProcessAffinityMask

  SetProcessAffinityMask

  SetThreadAffinityMask

  Sleep

  ExitProcess

  FreeLibrary

  LoadLibraryA

  GetModuleHandleA

  GetProcAddress

  user32

  ShowWindow

  GetUserObjectInformationW

  GetProcessWindowStation

  GetUserObjectInformationW

  gdi32

  DeleteObject

  advapi32

  RegSetKeyValueA

  shell32

  SHGetKnownFolderPath

  ole32

  CoCreateGuid

  oleaut32

  VariantClear

  ntdll

  NtSuspendThread

  msvcp140

  ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

  shlwapi

  PathRemoveFileSpecA

  imm32

  ImmSetCompositionWindow

  ws2_32

  WSAGetLastError

  crypt32

  CertAddCertificateContextToStore

  secur32

  InitSecurityInterfaceW

  d3d11

  D3D11CreateDeviceAndSwapChain

  d3dcompiler_47

  D3DCompile

  gdiplus

  GdipFree

  dnsapi

  DnsNameCompare_W

  rpcrt4

  UuidCreate

  vcruntime140_1

  __CxxFrameHandler4

  vcruntime140

  memmove

  api-ms-win-crt-heap-l1-1-0

  _set_new_mode

  api-ms-win-crt-runtime-l1-1-0

  _errno

  api-ms-win-crt-stdio-l1-1-0

  _get_stream_buffer_pointers

  api-ms-win-crt-string-l1-1-0

  isalnum

  api-ms-win-crt-utility-l1-1-0

  rand

  api-ms-win-crt-convert-l1-1-0

  strtof

  api-ms-win-crt-filesystem-l1-1-0

  remove

  api-ms-win-crt-time-l1-1-0

  _time64

  api-ms-win-crt-math-l1-1-0

  powf

  api-ms-win-crt-environment-l1-1-0

  getenv

  api-ms-win-crt-locale-l1-1-0

  _configthreadlocale

  wtsapi32

  WTSSendMessageW

  Exports

  Exports

  <}��3�k�& ԮhG��Z�_�g�j��>�_F�_P�W��M�z>�T{����
  Y/���'������ʍ�l̛��(�h5��T.<�}vK��*��-j�Ti�A:��7X�r�"�
  f,����0�K�#�#���8��ޚ�&�V�� &�V���m��%�J�Z�†rsXy���g@�D//�p�Dgכ�x
   !��� ��=��w8��N��!���'�X���P ���Ø�Z[�1�+̈ZS�d�������*n�XIo��v+Jش��_���� KB�k9V����Tӊ�ҏj��^U(
  ����%�s�L,8�S8�o7�� +׫��Y �c�Z߂����.�
  �����z��?dwRa��V(�j �Bh9��L�f a������r��T�$�*�;�F��hc7�V׮�h��b��W�0���#ӶSu|��0UQ����Q!���BX��b6:�
  oͫw�O_M:LO�Z��<��e��e{�zR?p��i�z!����,�.����lq�7���� ��`R��>T{�M�,pH\�D�d�ԗ��z�DE���
  �'�
  � ?<����XJba���U�!��ݴש��7OxM�A�A��zT��TZ��JY�[�Gx���]o��������l?b���� �Q �%-� ^c������Tئ-�W��=��5�����د���ޡ� ���4x�������K��
  �Hѳ��M� �H*fLҾ@qofn��9o�b�,��}܍���q��I=h�"d�üL�Y@o�e(8��xtf�畋�r䟩ׯiT�QX��]69�ɜ1�F�&,�z�#Jl&-x3��V��~��2t,�db�cJ���s�l�J�� �/Pc��3�
  V��1P�HЇm��O��>� J 5�����%+o��q0��d2��Oo2��Րr0B�Ԓ2џ��ZVP�P���)� �T=�[ye��ԫ╈��9��
  h�K}�}!�e��{r�ib���~��h���ϪQ�W&|�K���&��\���М����w��[suN�̎PA���S��2w5;�;U]�]R�3�$;�����W �+kn[)�� �rOF!ʃY���IB��b��Cy��I8<�n���93lϝ����&3v($;m\eƘ� �H񕻵�7��a�&� 1I�4�r�49�C�?���3��P��) �+����1�~6d=�����M�G�#�^L�P�u��?z��e��7�ZrL�a����&�1<�-]|��u�^�C,�\/"����ϙ�ː���QqK�����8�3��!Y���xӢy:��.��=`�Ƹׁ�<����P� ����� �q�n��#U����/t�e�i�����'X\3����Z��.�1t���
  W ��=��z�c.5��=2ӽ�%��P �/"�d�ڄ�&#�gҘ���Bl���=Ŋ��f�� ��<2�򌐻��ċ�%6���A�A�U�Ҷl� %�sE��0�Vq;�C#$�
  皈�%�X
  t��QK���2���$>��n2Nb;H+8���� va��R������$��n�H�Ն�Р�P�2�O��-����a��͘n��@ �ɽ���&�@!��DP���w8&'k� @�{���_����Xd�}my�X��X1`^G�����f��a�"��RGb��@KT��|��`�]��q�B=���1����}�I®�VϜ?g�� ���⇝=�����S��'
  ���I��S"'߅p�E�°�ߠ#+���H|��q=��54"4M+��: ��9��;�C��� k�f���m@���<�������F���d�4(��-0B<���q`}�:K�Q ��"�XH����B&� XW/+C�L���u|�Wݘ��:B�]�U sWf��T��U~6�~P��5�08J�֎���Ҝ�pH��ܗO�0������q�U�{%�{&��?���+��&X�L��Q�fp+� ��GF-H\��4������*�|E�˿@p����n��9�ۄ����w
  �1#���ʳf���u"<+Ɩr�ͳ�*I�Ϗ�hsm�C�S��D�W�#'Y��G >W�X�r�Mbɭ�T�/����6�<:������ǯ����l4=�^ 0�bF+(X������v�T�#�����*^$��o4���L������1�V���.�N�����ϡ����h����m�)aW�U��e��|.�����AXEjޅ=�70բk��f�s�.��)�;2*��
  �6�D# ���$���-4N�"-9.��wj�����/,�iֻ�y� ��\����O+�1]�p�$LD�w��|�=�%Wl^�ȧZ�(� �C>kMZ�6� Qf#�X�f���t�O�e4�d Q*O,�%Z���������"�@ ���j�٥q��?m�ۮT��
  E�J�,^I����Q"K����L�o�_q�.!~=RF�W)����]���b)�qf�� ծ��kYoq3�l��pgC1�`�\�� ��1���.uw���,�ˊ̊y@H�k^�<���c��j4�Q���H�.��q����c�Hn&1)�M�E҄&�};���5��y^qʸ��ԁӞf"�{�٘/�u��.�t�k��b���;�ff����5D��pIT޵2�����tD���_�p'�r���� B��z�����
  �����{Z�3���3�^;�({�5�1�k�,4���ʣ����{.��>���[������S��Di����մGq�:�-mV%Yޤ\0�K�CLf���*�,=&�e�` ^6�V�h�� ���]y�Y��3n� @m{��2< 9>��ֽap5���*��`���l�x��g����IL�@ P�r�$���s������f����� ��� ��P|跖Ù���ώQ%?�xP�I����nih�,9� �)��_�A)ua�1w䵡OY^Y���Ծ��J���^5���L\��t���\��=6����;�9�ȃ�Ρ�9�K�F�W[87R㬞ZZa�o��`>��M�۶:��I�����g�D��E�U�aSb��ص~X� 0F��D��t3���j 9]�a�> �l}���

  Sections

  🧠4uN%

  Size: - Virtual size: 925KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  🧠A]zn

  Size: - Virtual size: 511KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  🧠+/*9

  Size: - Virtual size: 784KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  🧠'x00

  Size: - Virtual size: 54KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  🧠'IAL

  Size: - Virtual size: 6.2MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  🧠w^]>

  Size: 8.6MB - Virtual size: 8.6MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  🧠h`J?

  Size: 1024B - Virtual size: 737B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ