customloader_sanples[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

customloader_sanples.zip
Size

2.7MB
MD5

042a330372424a71673b5173aa36e87f
SHA1

2b6774444924a64212bf921cc9bbcb0f6afa911f
SHA256

85e3c122d5cf4de711c06ca7bdaa537e9e7eacca78a7edcd446ad95024c0d4b8
SHA512

d232deed0061eeee9e367b6b26a888a7a04c2b46405d219f2d2a77184363af640d4aa21a4fad328ebd5eb2d8219dc962dcc36cad3abb3edbfab95116cdcc0773
SSDEEP

49152:9pJhuV9V0+kkEuyWlwscjZ85/OcYyyInfcpW8YaOjEbk7r2+YIVjh:9tw9V/kcyWljcjZ85/2ynnUptYaAEbWh

Score

3^/10

Malware Config

Signatures

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

resource
unpack001/customloader_sanples/00dd94b80c0bcee74f7e34cf26ae3a7361db1729646de6744b4a308355fe0032
unpack001/customloader_sanples/157546ceec1ebe6fd4b1040258d7eb8eb48856ff623bc7cec20b0c87479a0f43
unpack001/customloader_sanples/15eb0acd5c58bb39c14f1be960dd3e1f462104acaafd13311f20e7ccd9c54489
unpack001/customloader_sanples/2124a1757769e8ac4525637aa8702f5891d9a3bf323b4e55155dc447390f421e
unpack001/customloader_sanples/2deaca4e59d93319dcf2e337e724b194589e2c0ba4a16c4a3f8da7c47b515826
unpack001/customloader_sanples/3fb66e93d12abd992e94244ac7464474d0ff9156811a76a29a76dec0aa910f82
unpack001/customloader_sanples/5583ebe13c108dc773f183ab345fee5d3e04d98914ab64fa58253767041d6ead
unpack001/customloader_sanples/5ffed643de1bd53951c0672cff51b35636759de3ebeed4e699d22030dfa1ac7a
unpack001/customloader_sanples/6fc9b09adf6942876a361295cf5303927551df1df55974a76b7b551f7b509f03
unpack001/customloader_sanples/718c4380216748924ce096bc63f925e883c5e9c5c502440fbb953704aa4db104
unpack001/customloader_sanples/a5df54e4bae0676becd059fa023fbf7bebd89063c163c5692652fd506b022757
unpack001/customloader_sanples/cc5a4a321bebe0b7d294721e1bc045080f5292e63261ff417c4d89bef7c56614
unpack001/customloader_sanples/d010d1633f727bd36cf99b85b2dfe1d5e0998edfb6e572622ef3b11255bebd69
unpack001/customloader_sanples/d35c36d62c69cfca62a0f7183ffbeda6ea48db9b647b1338e2e27f340ddf61c8
unpack001/customloader_sanples/d772f15ec085212826ff1e3f84df4e025241c50a5a118f91b3bd2f8472b30e8a
unpack001/customloader_sanples/e9b89c91baf30931ff00e18e04d957edc7735cbc9e44eec035e8f395f6c4b6dd
unpack001/customloader_sanples/f9444e1a8981103b2dabd202f1870a73965c205749b471889855697254f76368
unpack001/customloader_sanples/fc21b89a48bb18b42b6831e01a41419b96022ca8aedbd5dacbe2c2064fa10fd1

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/customloader_sanples/a5df54e4bae0676becd059fa023fbf7bebd89063c163c5692652fd506b022757	nsis_installer_2
static1/unpack001/customloader_sanples/c05c7ec4570bfc44e87f6e6efc83643b47a378bb088c53da4c5ecf7b93194dc6	nsis_installer_2

Files

customloader_sanples.zip
.zip
customloader_sanples/00dd94b80c0bcee74f7e34cf26ae3a7361db1729646de6744b4a308355fe0032
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
customloader_sanples/157546ceec1ebe6fd4b1040258d7eb8eb48856ff623bc7cec20b0c87479a0f43
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
customloader_sanples/15eb0acd5c58bb39c14f1be960dd3e1f462104acaafd13311f20e7ccd9c54489
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
customloader_sanples/2124a1757769e8ac4525637aa8702f5891d9a3bf323b4e55155dc447390f421e
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
customloader_sanples/2deaca4e59d93319dcf2e337e724b194589e2c0ba4a16c4a3f8da7c47b515826
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
customloader_sanples/36fdc183f476169e6e087114b2f5108ae05ae6d9e7b3f6b1626d436f2dc5e69b
.exe windows x64

Code Sign

46:56:b9:46:be:f0:d3:85:4c:34:e2:c7:18:ed:b7:5b
Certificate

Issuer

CN=Autoradio Pioneer AVH-Z5250BT (black)

Not Before

04/06/2023, 10:30

Not After

05/06/2033, 10:30

Subject

CN=Autoradio Pioneer AVH-Z5250BT (black)

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b8:71:c1:38:ce:b6:ca:03:c9:1c:fc:48:cf:28:b2:97:4c:14:e5:2d:71:32:42:ae:21:f0:4a:25:6a:8a:7f:67
Signer

Actual PE Digest

b8:71:c1:38:ce:b6:ca:03:c9:1c:fc:48:cf:28:b2:97:4c:14:e5:2d:71:32:42:ae:21:f0:4a:25:6a:8a:7f:67

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
customloader_sanples/3fb66e93d12abd992e94244ac7464474d0ff9156811a76a29a76dec0aa910f82
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
customloader_sanples/5583ebe13c108dc773f183ab345fee5d3e04d98914ab64fa58253767041d6ead
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
customloader_sanples/5ffed643de1bd53951c0672cff51b35636759de3ebeed4e699d22030dfa1ac7a
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
customloader_sanples/6fc9b09adf6942876a361295cf5303927551df1df55974a76b7b551f7b509f03
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
customloader_sanples/718c4380216748924ce096bc63f925e883c5e9c5c502440fbb953704aa4db104
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
customloader_sanples/917731ffd70ae2de46cdd91f8ff2ae649a2eae6f8356772c250e071dd5b8efff
.iso
customloader_sanples/a5df54e4bae0676becd059fa023fbf7bebd89063c163c5692652fd506b022757
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
customloader_sanples/c05c7ec4570bfc44e87f6e6efc83643b47a378bb088c53da4c5ecf7b93194dc6
.exe windows x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

24:a1:bd:17:60:51:ff:86:4d:01:88:12:f9:f2:30:4c
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

19/04/2016, 00:00

Not After

22/05/2019, 23:59

Subject

CN=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:02:17:0b:fb:3b:af:d9:29:8a:47:96:27:a0:0d:d2:3d:92:4e:04:bd:28:6b:78:d6:e4:72:29:e1:48:d2:37
Signer

Actual PE Digest

1d:02:17:0b:fb:3b:af:d9:29:8a:47:96:27:a0:0d:d2:3d:92:4e:04:bd:28:6b:78:d6:e4:72:29:e1:48:d2:37

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
customloader_sanples/cc5a4a321bebe0b7d294721e1bc045080f5292e63261ff417c4d89bef7c56614
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
customloader_sanples/d010d1633f727bd36cf99b85b2dfe1d5e0998edfb6e572622ef3b11255bebd69
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
customloader_sanples/d354ccc9e60d12dbf9e92e157c867604395cac457d4134b56e72e86887ace493
customloader_sanples/d35c36d62c69cfca62a0f7183ffbeda6ea48db9b647b1338e2e27f340ddf61c8
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
customloader_sanples/d772f15ec085212826ff1e3f84df4e025241c50a5a118f91b3bd2f8472b30e8a
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
customloader_sanples/e9b89c91baf30931ff00e18e04d957edc7735cbc9e44eec035e8f395f6c4b6dd
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
customloader_sanples/f9444e1a8981103b2dabd202f1870a73965c205749b471889855697254f76368
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
customloader_sanples/fc21b89a48bb18b42b6831e01a41419b96022ca8aedbd5dacbe2c2064fa10fd1
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
customloader_sanples/fe5970978974f60b2aece2b3b45aeeb0cf9ac0b3db6035d3fa030b782815ca33
.iso

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 12KB - Virtual size: 11KB

.rsrc Size: 2KB - Virtual size: 2KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 19KB - Virtual size: 19KB

.rsrc Size: 213KB - Virtual size: 212KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 68KB - Virtual size: 67KB

.sdata Size: 512B - Virtual size: 64B

.rsrc Size: 157KB - Virtual size: 156KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 21KB - Virtual size: 20KB

.rsrc Size: 2KB - Virtual size: 2KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 38KB - Virtual size: 37KB

.rsrc Size: 4KB - Virtual size: 3KB

Code Sign

46:56:b9:46:be:f0:d3:85:4c:34:e2:c7:18:ed:b7:5bCertificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

b8:71:c1:38:ce:b6:ca:03:c9:1c:fc:48:cf:28:b2:97:4c:14:e5:2d:71:32:42:ae:21:f0:4a:25:6a:8a:7f:67Signer

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 39KB - Virtual size: 38KB

.sdata Size: 512B - Virtual size: 64B

.rsrc Size: 228KB - Virtual size: 228KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 208KB - Virtual size: 207KB

.rsrc Size: 2KB - Virtual size: 2KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 8KB - Virtual size: 7KB

.rsrc Size: 5KB - Virtual size: 5KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 7KB - Virtual size: 7KB

.rsrc Size: 2KB - Virtual size: 2KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 29KB - Virtual size: 28KB

.rsrc Size: 2KB - Virtual size: 2KB

Headers

DLL Characteristics

File Characteristics

Sections

.text
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 19KB - Virtual size: 19KB

.rsrc
Size: 213KB - Virtual size: 212KB

.text
Size: 68KB - Virtual size: 67KB

.sdata
Size: 512B - Virtual size: 64B

.rsrc
Size: 157KB - Virtual size: 156KB

.text
Size: 21KB - Virtual size: 20KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 38KB - Virtual size: 37KB

.rsrc
Size: 4KB - Virtual size: 3KB

46:56:b9:46:be:f0:d3:85:4c:34:e2:c7:18:ed:b7:5b
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

b8:71:c1:38:ce:b6:ca:03:c9:1c:fc:48:cf:28:b2:97:4c:14:e5:2d:71:32:42:ae:21:f0:4a:25:6a:8a:7f:67
Signer

.text
Size: 39KB - Virtual size: 38KB

.sdata
Size: 512B - Virtual size: 64B

.rsrc
Size: 228KB - Virtual size: 228KB

.text
Size: 208KB - Virtual size: 207KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 5KB - Virtual size: 5KB

.text
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 29KB - Virtual size: 28KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 38KB - Virtual size: 37KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 39KB - Virtual size: 39KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

24:a1:bd:17:60:51:ff:86:4d:01:88:12:f9:f2:30:4c
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

1d:02:17:0b:fb:3b:af:d9:29:8a:47:96:27:a0:0d:d2:3d:92:4e:04:bd:28:6b:78:d6:e4:72:29:e1:48:d2:37
Signer

.text
Size: 94KB - Virtual size: 94KB

.sdata
Size: 512B - Virtual size: 488B

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.text
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 2KB - Virtual size: 1KB

.text
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 34KB - Virtual size: 33KB

.rsrc
Size: 2KB - Virtual size: 2KB