PenguinsLoader[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

PenguinsLoader.exe
Size

3.3MB
MD5

96d5903ffb0f6ff97a32e8cdaca7b50b
SHA1

94265c31e3b75b0ea5766cf8a07e739fd9f7ce46
SHA256

b59c5e54fd1c6839de70b97cca36c65ee82130286e11ae7eb56df98fb945705e
SHA512

dfcd7cb38e5e843194afcdd5c165485fb09d1f74501170f76e9f9f5cd9efc383347ea6d3150e6d0d7c53e3d426565a73dac7395f9578e237e62b5889a5167514
SSDEEP

49152:pXGtlqkmsjaYgEh19vs5fR6xmaamix4BRXxvRRiHnh0X:pqx9sqddx5d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PenguinsLoader.exe

Files

PenguinsLoader.exe
.exe windows x64

6ec57689b7ddbfeb257e61adb6d52ba6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d9

Direct3DCreate9

kernel32

GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
SetEndOfFile
SetStdHandle
HeapReAlloc
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetProcessHeap
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
DeleteFileW
OutputDebugStringW
CreateProcessW
GetExitCodeProcess
HeapFree
GetCurrentThread
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetCommandLineW
GetCommandLineA
WriteFile
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
ExitProcess
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameW
RtlUnwind
LoadLibraryExW
TlsFree
HeapSize
SetConsoleCtrlHandler
Process32Next
Process32First
CreateToolhelp32Snapshot
CloseHandle
GetProcAddress
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
OpenProcess
CreateRemoteThread
WaitForSingleObject
GetModuleFileNameA
GetConsoleWindow
GetModuleHandleA
GetLocaleInfoW
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
VerSetConditionMask
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
LoadLibraryA
RtlVirtualUnwind
GetEnvironmentVariableW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetSystemDirectoryW
GetModuleHandleW
LoadLibraryW
Sleep
GetLastError
SetLastError
FormatMessageW
MoveFileExW
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetCurrentProcessId
SleepEx
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
SwitchToThread
GetCurrentThreadId
GetExitCodeThread
GetNativeSystemInfo
FormatMessageA
LocalFree
GetLocaleInfoEx
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFinalPathNameByHandleW
GetFullPathNameW
SetFileAttributesW
SetFileInformationByHandle
SetFileTime
GetTempPathW
AreFileApisANSI
DeviceIoControl
CreateDirectoryExW
CopyFileW
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeSRWLock
TryAcquireSRWLockExclusive
InitOnceExecuteOnce
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
GetTickCount64
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
CompareStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue

user32

PeekMessageA
DefWindowProcA
PostQuitMessage
SetProcessDPIAware
EnumDisplayMonitors
GetMonitorInfoA
MonitorFromWindow
LoadCursorA
SetWindowLongW
SetWindowLongA
GetWindowLongW
WindowFromPoint
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
AdjustWindowRectEx
GetClientRect
DispatchMessageA
ReleaseDC
GetDC
SetForegroundWindow
GetForegroundWindow
IsWindowUnicode
ReleaseCapture
SetCapture
GetCapture
GetKeyState
SetFocus
BringWindowToTop
IsIconic
SetLayeredWindowAttributes
IsChild
TrackMouseEvent
TranslateMessage
UnregisterClassA
RegisterClassExA
CreateWindowExA
DestroyWindow
ShowWindow
SetWindowTextW
OpenClipboard
UpdateWindow
GetDesktopWindow
GetWindowRect
SetWindowPos
EmptyClipboard
CloseClipboard
SetClipboardData
GetClipboardData

shell32

ShellExecuteA

imm32

ImmSetCandidateWindow
ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

dwmapi

DwmIsCompositionEnabled
DwmGetColorizationColor
DwmEnableBlurBehindWindow

bcrypt

BCryptGenRandom

ws2_32

getsockopt
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSASetEvent
WSAWaitForMultipleEvents
closesocket
WSAGetLastError
ntohs
WSASetLastError
inet_ntop
WSAStartup
WSACleanup
setsockopt
WSAIoctl
htons
socket
inet_pton
__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
listen
recv
getaddrinfo
freeaddrinfo
recvfrom
sendto
getpeername
ioctlsocket
gethostname

crypt32

CryptDecodeObjectEx
PFXImportCertStore
CertAddCertificateContextToStore
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CryptStringToBinaryW
CertCloseStore
CertOpenStore

gdi32

GetDeviceCaps
DeleteObject
CreateRectRgn

advapi32

CryptAcquireContextW
CryptEncrypt
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 620KB - Virtual size: 620KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 671B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ec57689b7ddbfeb257e61adb6d52ba6

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

kernel32

user32

shell32

imm32

dwmapi

bcrypt

ws2_32

crypt32

gdi32

advapi32

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 620KB - Virtual size: 620KB

.data Size: 15KB - Virtual size: 53KB

.pdata Size: 110KB - Virtual size: 110KB

.idata Size: 15KB - Virtual size: 14KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 373B

_RDATA Size: 1024B - Virtual size: 671B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 620KB - Virtual size: 620KB

.data
Size: 15KB - Virtual size: 53KB

.pdata
Size: 110KB - Virtual size: 110KB

.idata
Size: 15KB - Virtual size: 14KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 373B

_RDATA
Size: 1024B - Virtual size: 671B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 15KB