ExLoader_Installer[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ExLoader_Installer.exe
Size

23.3MB
MD5

951a41f877cd666aad445a28516aca9e
SHA1

eac105dff6289c2a0355e7afa6229fe8dcd9f027
SHA256

7e0e284b6476f78bb222bd56dedf9a5a3e89ff36a356741ac5e0f9f3c99651db
SHA512

48e778af1f105ea0447cde0138a5ec8d8ec7bcf3c026cf3534308cd14af12e558a17360491179dab1f541be23efe026a2b9f573c4df60c0cdfe278f9bea74e7a
SSDEEP

393216:YlL91czZyTEHvRePi3ITxqn6sGyuB0u01kjV47GjwwYYxn:cszFgMxnumjsVqY0Y

Score

1^/10

Malware Config

Signatures

Files

ExLoader_Installer.exe
.exe windows x86

Password: 512523452345

140094f13383e9ae168c4b35b6af3356

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
ExitProcess
GetComputerNameA
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
SetErrorMode
Sleep
VirtualAllocExNuma

shlwapi

PathFindFileNameA

msvcrt

malloc
free
memset
strcmp
_strcmpi
strcpy

Sections

.text
Size: 23.2MB - Virtual size: 23.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ