Static task
static1
Behavioral task
behavioral1
Sample
loader.exe
Resource
win7-20230621-en
Behavioral task
behavioral2
Sample
loader.exe
Resource
win10v2004-20230621-en
General
-
Target
loader.dat
-
Size
6.1MB
-
MD5
d07c83d3938c02bc7befdcf11a8f619e
-
SHA1
6cdcc379877847670c859417a84f3fc265a2b420
-
SHA256
bcfefef116c5ccf1ea7e110be257222f01f73aff1e0106f2268313bed413afcb
-
SHA512
1e211b65f23eaf32575f757c69df30b80f9f6ac1d4901371e65ae9d1471f5f873e6d4121189bc6b5bfe93149d4699dceab6b248a4e070ffbb703b0b97ff8581a
-
SSDEEP
98304:vrX2+qaBQF2Os1nxZyOZS4fBhENbOo1R+TfXw4ld9v4JCn6UE4+twOD4wfOtOdBq:vTZ3Ms1xI94fsNyQ61D4JFPtCtOdBuR
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource loader.dat
Files
-
loader.dat.exe windows x64
a64855df3aa165edb59a1fae5abd5b10
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
CloseHandle
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
AdjustWindowRectEx
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW
gdi32
GetDeviceCaps
advapi32
RegCloseKey
ws2_32
WSACleanup
imm32
ImmGetContext
msvcp140
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
ntdll
NtQuerySystemInformation
d3d9
Direct3DCreate9
vcruntime140
_CxxThrowException
api-ms-win-crt-stdio-l1-1-0
__acrt_iob_func
api-ms-win-crt-runtime-l1-1-0
_beginthreadex
api-ms-win-crt-convert-l1-1-0
_itoa_s
api-ms-win-crt-filesystem-l1-1-0
_lock_file
api-ms-win-crt-string-l1-1-0
_stricmp
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-heap-l1-1-0
_callnewh
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
wtsapi32
WTSSendMessageW
Sections
.text Size: - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 146KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.00cfg Size: - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gehcont Size: - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.retplne Size: - Virtual size: 92B
.tls Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data0 Size: - Virtual size: 3.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data1 Size: 6.1MB - Virtual size: 6.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 220B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ