privateloader | file[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

6.8MB
MD5

d2b710790d0ce2626a5a34a094f6ee65
SHA1

f4a79644612945e1a4a8a387bfa8a9157a363ac9
SHA256

4e4a8dd542a3e35ec8dd4c439a30303528ff2ba9bd3b35c81423ba2fad551f74
SHA512

c5372544c22aee00eaf5d7fcaa2d0a9d9b31db8379b10b5d36fff2c1fe333e3d0b4d1897e8fbabec7a01a2c8ff7ce357138df946382c6fe52fdbd5669c3be5c3
SSDEEP

196608:QpkdpOTgpSsqF10P1CPwDvt3uFTDC7LIKcosI3jhMSN:ckdQMpSfF1s1CPwDvt3uF/CfIKcoss

Score

10^/10

privateloader

Malware Config

Extracted

Family

privateloader

http://108.174.200.11/MWTSL

Signatures

Privateloader family
privateloader

Files

file.exe
.exe windows x86

53a566186eddd8a43c4dcb5fb2ea6af6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
Sleep
GetModuleHandleExA
GetTimeZoneInformation
GetLastError
GetFileAttributesA
CreateFileA
LoadLibraryA
DeleteFileA
CloseHandle
GetSystemInfo
GetProcAddress
LocalFree
FreeLibrary
WideCharToMultiByte
GetSystemTime
lstrcatA
lstrcpyA
ReadFile
SetFilePointer
CreateFileW
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
InitializeCriticalSection
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
WaitForSingleObjectEx
DeleteFileW
HeapReAlloc
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetSystemTimeAsFileTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
GetModuleHandleA
FindClose
WriteFile
GetCurrentProcess
IsValidCodePage
SetStdHandle
LeaveCriticalSection
LCMapStringW
CompareStringW
GetFileSizeEx
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetStdHandle
GetModuleFileNameW
FreeLibraryAndExitThread
FindFirstFileExW
FindNextFileW
SetFilePointerEx
InitializeCriticalSectionEx
EncodePointer
DecodePointer
GetCPInfo
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
CreateEventW
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
RaiseException
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetFileType
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread

Sections

.text
Size: 863KB - Virtual size: 862KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

53a566186eddd8a43c4dcb5fb2ea6af6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 863KB - Virtual size: 862KB

.rdata Size: 106KB - Virtual size: 106KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 5.8MB - Virtual size: 5.8MB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 863KB - Virtual size: 862KB

.rdata
Size: 106KB - Virtual size: 106KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 5.8MB - Virtual size: 5.8MB

.reloc
Size: 17KB - Virtual size: 16KB