Static task
static1
General
-
Target
loader.bin.exe
-
Size
5.7MB
-
MD5
fd2d84bee10bbccb7b590e1025752873
-
SHA1
c0fbb34903a19dcf4591ba7f88c3995d183fefe8
-
SHA256
1bb662d598172326e5ddd54f879bae3a6fea58742af0f44bd3934003da625384
-
SHA512
87ed02ad109845b34f8f70237a2e3a51f607dac89e795f1c3b5fad019630c2a2756c2be51c7f25e04c2d4246b68803ef2b43c002155a3d660a2f66911c891add
-
SSDEEP
98304:3453W8vYIC+RgZkKIXfEIeYUAlLc3A6fv4i/NTJVLpxrOw1xitse3Jk9yfPDnmY:o53W83p5XfEI5WNn4QNtVLXrOw2TSsfS
Malware Config (none extracted by this static task)
Signatures
-
Unsigned PE — 1 IoC
Checks for missing Authenticode signature: the file carries no Authenticode signature. On its own this is a weak indicator (many legitimate binaries are unsigned); weigh it together with the header, import and section findings below.
resource loader.bin.exe
Files
-
loader.bin.exe.exe windows:6 windows x64
e8918470006188a2ec6edd20dcec679f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
(Note: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE and IMAGE_DLLCHARACTERISTICS_GUARD_CF are absent from this list, so the image does not opt into ASLR or Control Flow Guard; HIGH_ENTROPY_VA has no effect without DYNAMIC_BASE. NX_COMPAT (DEP) is the only exploit mitigation set.)
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
(Note: RELOCS_STRIPPED means the image carries no base-relocation data and must load at its preferred base, consistent with the missing DYNAMIC_BASE above. A fixed-base x64 executable is uncommon for a normal MSVC build and is a frequent trait of packed or protected binaries.)
Imports
ws2_32 (Winsock: both client-side connect and server-side bind/listen/accept, UDP sendto/recvfrom, and event-driven I/O via WSAEventSelect/WSAWaitForMultipleEvents)
send
recv
WSAGetLastError
closesocket
htons
WSAStartup
inet_addr
socket
connect
htonl
ntohl
gethostname
ioctlsocket
sendto
recvfrom
freeaddrinfo
getaddrinfo
listen
accept
WSACleanup
inet_pton
WSAIoctl
setsockopt
ntohs
getsockopt
getsockname
getpeername
bind
WSASetLastError
select
__WSAFDIsSet
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
kernel32 (notable: LoadLibraryA/GetProcAddress for runtime API resolution; FindFirstFileA/FindNextFileA directory enumeration; DeleteFileA/MoveFileA/MoveFileExA; IsDebuggerPresent; FindResourceW/LoadResource/LockResource/SizeofResource for reading an embedded resource; VirtualAlloc/VirtualFree)
WideCharToMultiByte
GetModuleHandleA
GetProcAddress
FindFirstFileA
EnterCriticalSection
FindNextFileA
LeaveCriticalSection
FindClose
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
VirtualFree
GetProcessHeap
MultiByteToWideChar
InitializeCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GetStdHandle
GetFileType
ReadFile
HeapReAlloc
WaitForMultipleObjects
VerSetConditionMask
VerifyVersionInfoW
GetFileSizeEx
DeleteCriticalSection
HeapDestroy
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
RaiseException
VirtualAlloc
DeleteFileA
LockResource
CreateFileA
GetFileAttributesA
GetLastError
HeapSize
LCIDToLocaleName
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
CloseHandle
GetThreadLocale
WriteFile
HeapFree
MoveFileA
SizeofResource
GetModuleFileNameA
GetSystemTimePreciseAsFileTime
GetCurrentProcessId
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
FormatMessageW
SetLastError
LoadLibraryA
FreeLibrary
GetSystemDirectoryA
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
SleepEx
Sleep
PeekNamedPipe
GetTickCount
user32 (GetDesktopWindow/GetSystemMetrics together with the gdi32 imports below point to screen capture; PeekMessageA/TranslateMessage/DispatchMessageA is a message pump)
GetSystemMetrics
GetDesktopWindow
TranslateMessage
DispatchMessageA
PeekMessageA
gdi32 (CreateDCA, CreateCompatibleDC/CreateCompatibleBitmap, StretchBlt, GetDIBits — the standard screenshot call sequence)
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
StretchBlt
GetDIBits
DeleteDC
SetStretchBltMode
CreateDCA
advapi32 (legacy CryptoAPI: hashing via CryptCreateHash/CryptHashData, CryptGenRandom, and CryptImportKey + CryptEncrypt — encryption with a key blob imported at runtime)
CryptCreateHash
CryptGetHashParam
CryptAcquireContextA
CryptGenRandom
CryptAcquireContextW
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptEncrypt
ole32
CLSIDFromString
CreateStreamOnHGlobal
GetHGlobalFromStream
msvcp140
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Facet_base@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
_Strxfrm
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$collate@D@std@@2V0locale@2@A
?_Xoverflow_error@std@@YAXPEBD@Z
_Strcoll
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Xbad_alloc@std@@YAXXZ
?_Xbad_function_call@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
_Mtx_init_in_situ
??_7facet@locale@std@@6B@
_Mtx_destroy_in_situ
?id@?$ctype@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$numpunct@D@std@@2V0locale@2@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exceptions@std@@YAHXZ
?_Throw_Cpp_error@std@@YAXH@Z
??0_Lockit@std@@QEAA@H@Z
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??_7_Facet_base@std@@6B@
_Xtime_get_ticks
_Query_perf_counter
_Thrd_sleep
?_Random_device@std@@YAIXZ
?_Xout_of_range@std@@YAXPEBD@Z
_Mtx_lock
_Mtx_unlock
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
_Query_perf_frequency
wininet (InternetOpenUrlA + InternetReadFile: download by URL; ANSI variants, so any URL strings are likely narrow and may be recoverable in a strings pass)
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetOpenUrlA
gdiplus (GdipCreateBitmapFromHBITMAP + GdipSaveImageToStream: encodes a captured bitmap into an in-memory stream, pairing with the ole32 CreateStreamOnHGlobal/GetHGlobalFromStream imports above)
GdipSaveImageToStream
GdipFree
GdiplusStartup
GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipCloneImage
crypt32 (certificate-store access: CertOpenStore/CertEnumCertificatesInStore/CertFindCertificateInStore/CertAddCertificateContextToStore, PFXImportCertStore, certificate-chain building, and CryptUnprotectData — DPAPI decryption of locally protected secrets; credential/certificate theft capability should be confirmed in a dynamic run)
CryptDecodeObjectEx
CertFindExtension
CryptStringToBinaryA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
PFXImportCertStore
CertOpenStore
CryptUnprotectData
CertGetNameStringA
CertAddCertificateContextToStore
vcruntime140_1
__CxxFrameHandler4
vcruntime140
_CxxThrowException
__current_exception_context
__current_exception
strstr
strchr
__C_specific_handler
_purecall
__std_exception_copy
__std_exception_destroy
memchr
memcmp
memmove
strrchr
memcpy
memset
api-ms-win-crt-heap-l1-1-0
_callnewh
_set_new_mode
malloc
realloc
free
calloc
api-ms-win-crt-runtime-l1-1-0 (includes `system` — shell command execution; see also `_popen`/`_pclose` under the stdio imports)
_c_exit
__p___argv
__p___argc
_initterm_e
exit
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_beginthreadex
_cexit
_register_thread_local_exe_atexit_callback
_crt_atexit
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_getpid
terminate
system
__sys_nerr
_errno
__sys_errlist
_invalid_parameter_noinfo
_exit
api-ms-win-crt-stdio-l1-1-0
fseek
__stdio_common_vfprintf
fopen
_get_stream_buffer_pointers
fputs
_fseeki64
fread
fsetpos
__stdio_common_vsprintf
__stdio_common_vsscanf
ungetc
_popen
__acrt_iob_func
_close
_write
fputc
setvbuf
fgetpos
_read
fwrite
__p__commode
_set_fmode
fgets
_lseeki64
__stdio_common_vsnprintf_s
_open
feof
fgetc
_pclose
__stdio_common_vsprintf_s
ftell
fclose
fflush
api-ms-win-crt-math-l1-1-0
_dsign
__setusermatherr
_ldsign
_fdsign
pow
ceilf
_dclass
_fdclass
_ldclass
ceil
log
api-ms-win-crt-convert-l1-1-0
strtoull
strtol
strtoul
wcstombs
strtoll
atoi
strtod
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
localeconv
api-ms-win-crt-string-l1-1-0
isupper
tolower
isspace
strspn
strncpy
strncmp
strcspn
toupper
_strdup
strcmp
strpbrk
api-ms-win-crt-filesystem-l1-1-0
_stat64
_access
_fstat64
_stat64i32
_unlink
_lock_file
_unlock_file
api-ms-win-crt-time-l1-1-0
_gmtime64
_get_tzname
_time64
strftime
_localtime64
api-ms-win-crt-environment-l1-1-0
_dupenv_s
getenv
api-ms-win-crt-utility-l1-1-0
qsort
Sections
.text Size: 978KB - Virtual size: 977KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 215KB - Virtual size: 215KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.samk0 Size: 4.5MB - Virtual size: 4.5MB (non-standard section name; executable, and accounts for roughly 4.5 MB of the 5.7 MB file with raw size equal to virtual size — consistent with a packer/protector stub or an embedded payload; the imports above may belong to the wrapper rather than the real logic, which may only be visible after unpacking or in a dynamic run)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B (only 480 bytes of resources despite the FindResourceW/LoadResource imports — the resource the code looks up may be tiny, or loaded from another module; confirm dynamically)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ