loader[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

loader.7z
Size

343KB
MD5

a6e3f4da1e9a96d0dae8fbdf7cb2fd2d
SHA1

0fe6b24e34ad124219312dcf8718dda972a8f00e
SHA256

3de508f45986acf9fd4a8ecdcd44edb95baf1246d2d1a4226baee066ba8c2869
SHA512

2cb4eb4ae202416cfc718e42c02782b327e6c7e752116efc76f8dba29517b37a61543f960c065d3b99682bf52fc86a7f233c0fe92b13dd76ff96ca87be7983d2
SSDEEP

6144:7EVrMpRi+UEdCi+nceYFurVTqpMX6GMSMmahylbWd8QtU9kps:wi+JcqceYITqpgahAWd8mUmO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/loader/2.dll

Files

loader.7z
.7z
loader/2.dll
.dll windows x86

fe1bad1210fb9866013ea023b05102bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

BitBlt
ChoosePixelFormat
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreatePalette
DeleteDC
DeleteObject
DescribePixelFormat
GetDIBits
GetDeviceGammaRamp
GetSystemPaletteEntries
GetSystemPaletteUse
RealizePalette
SelectObject
SelectPalette
SetDIBColorTable
SetDeviceGammaRamp
SetPaletteEntries
SetPixelFormat
SetSystemPaletteUse
SwapBuffers
UnrealizeObject

kernel32

CloseHandle
CreateFileA
CreateFileMappingA
CreateFileW
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetACP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetFileSize
GetLastError
GetLocaleInfoA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
MapViewOfFile
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
SetEnvironmentVariableA
SetErrorMode
SetFilePointer
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualProtect
VirtualQuery
WideCharToMultiByte
WriteFile

user32

AdjustWindowRect
AdjustWindowRectEx
BeginPaint
CallWindowProcA
ChangeDisplaySettingsA
ClientToScreen
ClipCursor
CreateCursor
CreateIconFromResourceEx
CreateWindowExA
DefWindowProcA
DestroyCursor
DestroyIcon
DestroyWindow
DispatchMessageA
EndPaint
EnumDisplaySettingsA
GetClassInfoA
GetClientRect
GetCursor
GetCursorPos
GetDC
GetFocus
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutNameA
GetKeyboardState
GetMenu
GetMessageA
GetParent
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsZoomed
KillTimer
LoadImageA
LoadKeyboardLayoutA
MapVirtualKeyExA
MapWindowPoints
MessageBoxA
MessageBoxW
PeekMessageA
PostMessageA
PostQuitMessage
PtInRect
RegisterClassA
ReleaseCapture
ReleaseDC
ScreenToClient
SetCapture
SetClassLongA
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
ToAsciiEx
ToUnicode
TranslateMessage
UnregisterClassA
WindowFromPoint

Exports

Exports

kMG_Init
kMG_InvertAlpha
kMG_Linked_Version
kMG_Load
kMG_LoadBMP_RW
kMG_LoadCUR_RW
kMG_LoadGIF_RW
kMG_LoadICO_RW
kMG_LoadJPG_RW
kMG_LoadLBM_RW
kMG_LoadPCX_RW
kMG_LoadPNG_RW
kMG_LoadPNM_RW
kMG_LoadTGA_RW
kMG_LoadTIF_RW
kMG_LoadTyped_RW
kMG_LoadWEBP_RW
kMG_LoadXCF_RW
kMG_LoadXPM_RW
kMG_LoadXV_RW
kMG_Load_RW
kMG_Quit
kMG_ReadXPMFromArray
kMG_isBMP
kMG_isCUR
kMG_isGIF
kMG_isICO
kMG_isJPG
kMG_isLBM
kMG_isPCX
kMG_isPNG
kMG_isPNM
kMG_isTIF
kMG_isWEBP
kMG_isXCF
kMG_isXPM
kMG_isXV
kDL_AddTimer
kDL_AllocRW
kDL_AudioDriverName
kDL_AudioInit
kDL_AudioQuit
kDL_BuildAudioCVT
kDL_ClearError
kDL_CloseAudio
kDL_ConvertAudio
kDL_ConvertSurface
kDL_CreateCursor
kDL_CreateMutex
kDL_CreateRGBSurface
kDL_CreateRGBSurfaceFrom
kDL_CreateSemaphore
kDL_CreateThread
kDL_Delay
kDL_DestroyMutex
kDL_DestroySemaphore
kDL_DisplayFormat
kDL_DisplayFormatAlpha
kDL_EnableKeyRepeat
kDL_EnableUNICODE
kDL_Error
kDL_EventState
kDL_FillRect
kDL_Flip
kDL_FreeCursor
kDL_FreeRW
kDL_FreeSurface
kDL_GL_GetAttribute
kDL_GL_GetProcAddress
kDL_GL_LoadLibrary
kDL_GL_Lock
kDL_GL_SetAttribute
kDL_GL_SwapBuffers
kDL_GL_Unlock
kDL_GL_UpdateRects
kDL_GetAppState
kDL_GetAudioStatus
kDL_GetClipRect
kDL_GetCursor
kDL_GetError
kDL_GetEventFilter
kDL_GetKeyName
kDL_GetKeyRepeat
kDL_GetKeyState
kDL_GetModState
kDL_GetMouseState
kDL_GetRGB
kDL_GetRGBA
kDL_GetRelativeMouseState
kDL_GetThreadID
kDL_GetTicks
kDL_GetVideoInfo
kDL_GetVideoSurface
kDL_GetWMInfo
kDL_Has3DNow
kDL_Has3DNowExt
kDL_HasAltiVec
kDL_HasMMX
kDL_HasMMXExt
kDL_HasRDTSC
kDL_HasSSE
kDL_HasSSE2
kDL_Init
kDL_InitSubSystem
kDL_KillThread
kDL_Linked_Version
kDL_ListModes
kDL_LockAudio
kDL_LockSurface
kDL_LowerBlit
kDL_MapRGB
kDL_MapRGBA
kDL_OpenAudio
kDL_PauseAudio
kDL_PeepEvents
kDL_PollEvent
kDL_PumpEvents
kDL_PushEvent
kDL_Quit
kDL_QuitSubSystem
kDL_RWFromConstMem
kDL_RWFromFP
kDL_RWFromFile
kDL_RWFromMem
kDL_ReadBE16
kDL_ReadBE32
kDL_ReadBE64
kDL_ReadLE16
kDL_ReadLE32
kDL_ReadLE64
kDL_RegisterApp
kDL_RemoveTimer
kDL_SemPost
kDL_SemTryWait
kDL_SemValue
kDL_SemWait
kDL_SemWaitTimeout
kDL_SetAlpha
kDL_SetClipRect
kDL_SetColorKey
kDL_SetColors
kDL_SetCursor
kDL_SetError
kDL_SetEventFilter
kDL_SetModState
kDL_SetModuleHandle
kDL_SetPalette
kDL_SetTimer
kDL_SetVideoMode
kDL_ShowCursor
kDL_ThreadID
kDL_UnlockAudio
kDL_UnlockSurface
kDL_UnregisterApp
kDL_UpdateRect
kDL_UpdateRects
kDL_UpperBlit
kDL_VideoDriverName
kDL_VideoInit
kDL_VideoModeOK
kDL_VideoQuit
kDL_WM_GetCaption
kDL_WM_GrabInput
kDL_WM_IconifyWindow
kDL_WM_SetCaption
kDL_WM_SetIcon
kDL_WM_ToggleFullScreen
kDL_WaitEvent
kDL_WaitThread
kDL_WarpMouse
kDL_WasInit
kDL_WriteBE16
kDL_WriteBE32
kDL_WriteBE64
kDL_WriteLE16
kDL_WriteLE32
kDL_WriteLE64
kDL_getenv
kDL_iconv
kDL_iconv_close
kDL_iconv_open
kDL_iconv_string
kDL_memcmp
kDL_mutexP
kDL_mutexV
kDL_putenv
kDL_strlcat
kDL_strlcpy
kDL_strtod
klc_entry__3_0_0f
klc_entry_copyright__3_0_0f
must

Sections

.text
Size: 493KB - Virtual size: 492KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 78KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
loader/loader.bat

Sharing

General

Malware Config

Signatures

Files

fe1bad1210fb9866013ea023b05102bb

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

kernel32

user32

Exports

Exports

Sections

.text Size: 493KB - Virtual size: 492KB

.data Size: 1024B - Virtual size: 572B

.rdata Size: 167KB - Virtual size: 167KB

.buildid Size: 512B - Virtual size: 53B

.bss Size: - Virtual size: 78KB

.edata Size: 5KB - Virtual size: 4KB

.idata Size: 6KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 108KB - Virtual size: 106KB

.reloc Size: 15KB - Virtual size: 15KB

/4 Size: 512B - Virtual size: 32B

.text
Size: 493KB - Virtual size: 492KB

.data
Size: 1024B - Virtual size: 572B

.rdata
Size: 167KB - Virtual size: 167KB

.buildid
Size: 512B - Virtual size: 53B

.bss
Size: - Virtual size: 78KB

.edata
Size: 5KB - Virtual size: 4KB

.idata
Size: 6KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 108KB - Virtual size: 106KB

.reloc
Size: 15KB - Virtual size: 15KB

/4
Size: 512B - Virtual size: 32B