NoStamLoader[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NoStamLoader.exe
Size

14.7MB
MD5

4fa589288d6d01624a043ebfb4115165
SHA1

316df4d86852d3cff76e5645fe6e862b3cc13d7e
SHA256

89e1dbf8cf0536172f751e399c20a67702542349a940020cab5ac8a4b2e857c8
SHA512

2c0a9154980fe5e3af17e5ebbf48688c1d36ff4842755445bccb61114f6cdf9a3fe5ef17da75ea38a57e792096fd2f06d7ff072fc0eaec74c822aa478dda46b2
SSDEEP

393216:ZC9UCsadWPrXm5FJGO0Tza7PqKPgD4WSv5Gcdi:cAPrXm5FJGOWzqPqKPu4WQ5Gh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NoStamLoader.exe

Files

NoStamLoader.exe
.exe windows x64

83c05a1523211847740fc4d21d4fc7e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libcrypto-3-x64

EVP_CIPHER_CTX_free

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

advapi32

GetUserNameA

msvcp140d

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

kernel32

HeapAlloc
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

iphlpapi

GetAdaptersInfo

wininet

HttpSendRequestA

vcruntime140d

memchr

vcruntime140_1d

__CxxFrameHandler4

ucrtbased

_time64

Sections

.textbss
Size: - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: - Virtual size: 917B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SMO
Size: - Virtual size: 8.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.il6
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.//a
Size: 14.7MB - Virtual size: 14.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83c05a1523211847740fc4d21d4fc7e2

Headers

DLL Characteristics

File Characteristics

Imports

libcrypto-3-x64

shell32

ole32

advapi32

msvcp140d

kernel32

iphlpapi

wininet

vcruntime140d

vcruntime140_1d

ucrtbased

Sections

.textbss Size: - Virtual size: 93KB

.text Size: - Virtual size: 222KB

.rdata Size: - Virtual size: 79KB

.data Size: - Virtual size: 4KB

.pdata Size: - Virtual size: 20KB

.idata Size: - Virtual size: 15KB

.msvcjmc Size: - Virtual size: 917B

.00cfg Size: - Virtual size: 373B

.SMO Size: - Virtual size: 8.9MB

.il6 Size: 4KB - Virtual size: 3KB

.//a Size: 14.7MB - Virtual size: 14.7MB

.rsrc Size: 512B - Virtual size: 469B

.textbss
Size: - Virtual size: 93KB

.text
Size: - Virtual size: 222KB

.rdata
Size: - Virtual size: 79KB

.data
Size: - Virtual size: 4KB

.pdata
Size: - Virtual size: 20KB

.idata
Size: - Virtual size: 15KB

.msvcjmc
Size: - Virtual size: 917B

.00cfg
Size: - Virtual size: 373B

.SMO
Size: - Virtual size: 8.9MB

.il6
Size: 4KB - Virtual size: 3KB

.//a
Size: 14.7MB - Virtual size: 14.7MB

.rsrc
Size: 512B - Virtual size: 469B