zloader | 0c1b74345e0300233db0396f78ca121e7589deda31b7bc455baa476274e3f2e5

Resubmissions

10-08-2023 16:28

230810-tyxv2afa37 10

04-10-2021 11:41

211004-ntvbfsgceq 10

Sharing

Copy URL

Twitter E-mail

General

Target

0c1b74345e0300233db0396f78ca121e7589deda31b7bc455baa476274e3f2e5
Size

146KB
MD5

b42aa0c217dfeb5a86f140afa512a2c1
SHA1

575ebd278b6104dd2cc9f3871ada6cfd61c3a8f7
SHA256

0c1b74345e0300233db0396f78ca121e7589deda31b7bc455baa476274e3f2e5
SHA512

14e0681a733aa812303c241aa38d13d33b1f9817d8bef6ad0c9b6a423ae433633772021244c17bac278468fca508a76dfd9c64993d89df69b6317f2be21707a6
SSDEEP

3072:BHIbLRDJ1YGzRXczG9Nw5pwfhcMVd8v86jdbG42UO5LXrMUJKKMEK62Yi:BHcLRDz/czG9Mp2hcGd8vvjFG42PhMzi

Score

10^/10

-dan web7-dan zloader

Malware Config

Extracted

Family

zloader

Botnet

-dan

Campaign

web7-dan

https://45.72.3.132/web7643/gate.php

Attributes

build_id
929195383

rc4.plain

Signatures

Zloader family
zloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c1b74345e0300233db0396f78ca121e7589deda31b7bc455baa476274e3f2e5

Files

0c1b74345e0300233db0396f78ca121e7589deda31b7bc455baa476274e3f2e5
.exe windows x86

8dba73fc79b40529ce9d0afaecd2a713

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CompareFileTime
CreateEventW
EnterCriticalSection
ExpandEnvironmentStringsW
FileTimeToSystemTime
FlushFileBuffers
GetCPInfo
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetProcAddress
GetStdHandle
GetStringTypeW
GetSystemTime
GetTempPathA
GetTimeFormatW
GetVersion
GlobalAlloc
HeapAlloc
HeapReAlloc
IsValidLocale
SetEndOfFile
SetEvent
SetHandleCount
SystemTimeToFileTime
VirtualFree
WaitForSingleObject
WideCharToMultiByte
lstrcmpW

advapi32

GetTokenInformation

shlwapi

PathAddBackslashW

shell32

CommandLineToArgvW
ShellAboutW

user32

CallWindowProcW
CharNextA
CheckMenuItem
CheckMenuRadioItem
CheckRadioButton
ClientToScreen
CreateDialogParamW
DefWindowProcW
DrawIconEx
DrawTextW
EnableMenuItem
EqualRect
FillRect
GetClassNameW
GetClientRect
GetDC
GetMenuState
GetNextDlgTabItem
GetParent
GetProcessDefaultLayout
GetSysColorBrush
GetWindowLongW
GetWindowRect
InflateRect
InsertMenuItemW
IsDialogMessageW
IsIconic
KillTimer
LoadAcceleratorsW
LoadCursorW
LoadIconA
LoadImageW
MapWindowPoints
MoveWindow
OffsetRect
RegisterClassA
ReleaseCapture
ReleaseDC
SetDlgItemTextW
SetMenuItemInfoW
SetPropW
SetWindowPos
SetWindowTextW
ShowWindow
UnregisterClassW

gdi32

CreateCompatibleBitmap
CreateDIBSection
CreateRectRgn
DeleteObject
EndDoc
EndPage
EqualRgn
ExtCreatePen
GetObjectA
GetObjectW
GetRgnBox
GetTextExtentPointW
MoveToEx
SelectObject
SetMapMode
StartDocA

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

8dba73fc79b40529ce9d0afaecd2a713

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shlwapi

shell32

user32

gdi32

Sections

.text Size: 129KB - Virtual size: 129KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 11KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 129KB - Virtual size: 129KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 11KB

.reloc
Size: 9KB - Virtual size: 9KB