primordial_loader[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

primordial_loader.exe
Size

9.2MB
MD5

28c7f3aa2795b98dde50af50511b9d5c
SHA1

0816cf1f633d2918fe30bfd5ee2ca41a416173a5
SHA256

ff9d7fa5958f09481137f941e294808d15a6e3fc07e1e0918a28531ace1acb9a
SHA512

ab4344812641fd2eaedf34b2b334094ab2d8833ca8d45cadd9c2395c58b5cd37d3d5bd7134119c8680ec34fb2635b75eb5cdef5c6c3d71739b2c2bd16a6758f4
SSDEEP

196608:vv9hUUAY1Js6UNJ7G2aQefh1bxT7iiRKTSfrkb+Gbqf/EYv1HusW:vQ/Y1Js6uhaVfhHhRCGAb+X3EYvN9

Score

1^/10

Malware Config

Signatures

Files

primordial_loader.exe
.exe windows x86

3810c3cabd2950c8fa99d4cd8d95dc2f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxW
CharUpperBuffW

advapi32

CryptEnumProvidersW

msvcp140

?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ

ws2_32

recv

crypt32

CertFreeCertificateContext

vcruntime140

__std_terminate

api-ms-win-crt-heap-l1-1-0

realloc

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-math-l1-1-0

_dsign

api-ms-win-crt-convert-l1-1-0

strtoull

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

api-ms-win-crt-stdio-l1-1-0

fclose

api-ms-win-crt-time-l1-1-0

_gmtime32_s

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-string-l1-1-0

strcspn

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 539KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ka%
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rw'
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.9x.
Size: 9.1MB - Virtual size: 9.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3810c3cabd2950c8fa99d4cd8d95dc2f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp140

ws2_32

crypt32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: - Virtual size: 1.8MB

.rdata Size: - Virtual size: 539KB

.data Size: - Virtual size: 25KB

.ka% Size: - Virtual size: 5.3MB

.rw' Size: 2KB - Virtual size: 1KB

.9x. Size: 9.1MB - Virtual size: 9.1MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 106KB - Virtual size: 105KB

.text
Size: - Virtual size: 1.8MB

.rdata
Size: - Virtual size: 539KB

.data
Size: - Virtual size: 25KB

.ka%
Size: - Virtual size: 5.3MB

.rw'
Size: 2KB - Virtual size: 1KB

.9x.
Size: 9.1MB - Virtual size: 9.1MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 106KB - Virtual size: 105KB