TeaLoader[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

TeaLoader.exe
Size

21.1MB
MD5

b9faa2a817cad09442d60f0383255d67
SHA1

0548e789920eac4a4e11c5f397f336b3aac486fd
SHA256

c58327790569c4b985599a48f1126216ea56dbb465af1899b2fe83f9e048db3b
SHA512

16d65d3e6d78bc1eae33e123a5302842d91cb82dd339d10f7da970b3716955de5c91b4402a5e0dafdeae79d64c444f2463b15578fa40ef16de7de2a78dc002b1
SSDEEP

393216:x3qUH3X03StMUHxujyyC7zZ3MShykvJHL21qeKz/8YvI5IP7Bb9ctyla/5iQjD:x3qI3k3Srxay18PkvJroQ9w47jctEe5j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TeaLoader.exe

Files

TeaLoader.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

/zSl}/
Size: 20.7MB - Virtual size: 20.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ