Loader[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Loader.exe
Size

5.9MB
MD5

d0ffcc482ce53b386a30199dab65f6e0
SHA1

00ef2852b530749fbcb8c40099bdc68151780bb6
SHA256

a1773235dcd9c9f815793b7509f91b959b450c4bf90b6c26794c9f59458f9050
SHA512

09a4b86a7b77d08daf0668e6e9f7eac66ac0368b2f4a08d4404a10b8b45a1b929c9402ff36369780015728fb7d371fce59b43ce518214ba011b3f0248cdc8b63
SSDEEP

98304:7RRxywgpOB5q7fgMamWcXU3KUvLp73YxRfSjhFvucBaM6stwpINm5wbCKHB3:7xy5ABA7fgxlp3YxRwduqgsEEm5nQB

Score

1^/10

Malware Config

Signatures

Files

Loader.exe
.exe windows x64

ef5e8032da19bbd68d133e39a595e436

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d10

D3D10CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

ws2_32

WSACleanup
WSAStartup

kernel32

GetCurrentProcessId
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
OpenProcess
GetProcAddress
GetModuleHandleW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GetSystemTimeAsFileTime
QueryPerformanceCounter
SizeofResource
Process32First
FindResourceA
CreateToolhelp32Snapshot
Sleep
GetTickCount64
LockResource
Process32Next
CloseHandle
LoadResource
HeapAlloc
GetProcessHeap
GetSystemTime
GetExitCodeProcess
WriteProcessMemory
HeapFree
WaitForSingleObject
VirtualAllocEx
ReadProcessMemory
CreateRemoteThread
VirtualFreeEx
GetModuleHandleA
LocalFree
InitializeSListHead
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
GetProcAddress
LocalAlloc
LocalFree
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SetClipboardData
GetClipboardData
ClientToScreen
DispatchMessageA
GetWindowRect
DestroyWindow
ShowWindow
IsWindow
GetAsyncKeyState
MapVirtualKeyA
DefWindowProcA
CreateWindowExA
TranslateMessage
PeekMessageA
UnregisterClassA
GetDesktopWindow
RegisterClassExA
UpdateWindow
GetWindowThreadProcessId
FindWindowA
GetKeyState
LoadCursorA
ScreenToClient
GetActiveWindow
GetCapture
EmptyClipboard
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

oleaut32

VariantClear

msvcp140

_Mtx_unlock
_Cnd_init
_Mtx_destroy
_Thrd_start
_Mtx_init
_Cnd_wait
_Cnd_destroy
_Cnd_do_broadcast_at_thread_exit
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Cnd_signal
??Bid@locale@std@@QEAA_KXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

vcruntime140

memcpy
memmove
memcmp
memset
_CxxThrowException
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
__std_terminate
__C_specific_handler
strstr
memchr

api-ms-win-crt-stdio-l1-1-0

fgetc
__p__commode
fclose
feof
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vfprintf
fopen_s
fseek
fflush
__acrt_iob_func
_get_stream_buffer_pointers
_fseeki64
fputc
fread
fsetpos
ungetc
setvbuf
fgetpos
_set_fmode
fwrite

api-ms-win-crt-heap-l1-1-0

realloc
_callnewh
_set_new_mode
malloc
free

api-ms-win-crt-math-l1-1-0

sinf
ceilf
powf
cosf
pow
atan2f
sqrtf
fmodf
floorf
ldexp
floor
__setusermatherr

api-ms-win-crt-convert-l1-1-0

strtol
atof

api-ms-win-crt-string-l1-1-0

isprint
strncmp
strncpy
strcmp

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-runtime-l1-1-0

exit
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
terminate
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_register_onexit_function
_get_narrow_winmain_command_line
_initterm
_initterm_e
_exit
_register_thread_local_exe_atexit_callback
_c_exit
_initialize_narrow_environment

api-ms-win-crt-utility-l1-1-0

srand
rand
qsort

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.urafuck
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.urafuck
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef5e8032da19bbd68d133e39a595e436

Headers

DLL Characteristics

File Characteristics

Imports

d3d10

d3dcompiler_47

ws2_32

kernel32

user32

oleaut32

msvcp140

imm32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

wtsapi32

Sections

.text Size: - Virtual size: 274KB

.rdata Size: - Virtual size: 162KB

.data Size: - Virtual size: 5KB

.pdata Size: - Virtual size: 6KB

.urafuck Size: - Virtual size: 4.5MB

.urafuck Size: 5.9MB - Virtual size: 5.9MB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 274KB

.rdata
Size: - Virtual size: 162KB

.data
Size: - Virtual size: 5KB

.pdata
Size: - Virtual size: 6KB

.urafuck
Size: - Virtual size: 4.5MB

.urafuck
Size: 5.9MB - Virtual size: 5.9MB

.rsrc
Size: 512B - Virtual size: 480B