winload[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

winload.exe
Size

121KB
MD5

4379f35f2ed9fa2192d0a416cf457cb6
SHA1

5fdd7b7f2648a5ac602a4438cad6f14c72a2809c
SHA256

689c91e49a55cf066fbd7499fce797f2e8085bea8860937f27b718916fe6c6c0
SHA512

743375a00c9ac3f2ca1250974038746725c6c1821facc4fab97a6b49383a8e64a17c2ea3e7e1a69de9dd06e8211d7b9d062f47055414660981f797d6501fd6eb
SSDEEP

3072:Q2iT6xOYxT1uhjJDCjC4bmYNDOIaHZRdxaJVYYPwiO:Q4xT1uhFGbmFxowi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
winload.exe

Files

winload.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ