zloader 2_1[.]0[.]13[.]0[.]vir | Triage

Resubmissions

19-07-2023 11:14

230719-nb99yscg87 10

19-07-2020 19:33

200719-m964m1njqe 10

Sharing

General

Target

zloader 2_1.0.13.0.vir
Size

154KB
MD5

07e6b50724981e0c96f7d23f48d309b5
SHA1

0c012857690e0eebf10eb0ccafcbad9434f99d91
SHA256

21f41071eb31d4b4f2fb1e5d9be035014b1302313804e46077ca23da0dd30bc8
SHA512

e930617c54fee9fbc9cfb37d6a014e808556f55306d50e2b83c81ef9478772ff4be4e86d55f03879ab5d0cba6a796268dbfb9ac06b2350502bbf56286dc83102
SSDEEP

3072:NOgSKE2Om5C3nAnpedwh6cXtoqnDqQ8CrE6mA3b77BJDg:MgSKEhmcQnpSwh6cu0T8CY6mA3/7X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
zloader 2_1.0.13.0.vir

Files

zloader 2_1.0.13.0.vir
.exe windows x86

0012131c357107fbab066d88c6119ad6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryA
WaitForMultipleObjects
GetCommandLineA
TlsGetValue
SearchPathA
SleepEx
SleepEx
FindFirstFileW
CloseHandle
SleepEx
GetEnvironmentVariableA
VirtualAllocEx
CreateMailslotA
MoveFileA
GetModuleHandleA
GetACP
SleepEx
SetEvent
SleepEx
SearchPathA
SearchPathA
CreateJobObjectW
SleepEx
GetCurrentProcess
SleepEx
RemoveDirectoryW
LoadLibraryExW
SetLocalTime

certcli

CACloseCertType
CADeleteCA
CAEnumFirstCA

Sections

.text
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 702B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ