loader[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

loader.dll
Size

1.3MB
MD5

76bbd93eb4503028afa28697db297d5e
SHA1

6bdccdd1eb41d718c45fe4978866777ad46c608c
SHA256

03ec9728a54a164dbb9ecb70e945937c242c6e21cdb7cc0fb7856aeb784114ab
SHA512

67edc32ca77c6dae1ebc25565472f04844e19bf952367f0f49ed16285b1440a84af4585e4fa8a802e864a8525ef625287aff655b2b74d5a127cc73621832cd7c
SSDEEP

24576:BELdHB/vyIPhynivCLFEzvk3oooCMStVc8rUmw/:BELfZvzvk3DoCMS3nrUmw/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
loader.dll

Files

loader.dll
.dll windows:6 windows x86

750d1bf4e8f9b206beba7fe829869bfd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

d3d9

Direct3DCreate9

kernel32

GetCurrentThread
GetModuleFileNameA
GetModuleHandleW
LoadLibraryExW
LoadLibraryW
SetDllDirectoryW
CopyFileW
MoveFileW
GetCommandLineA
GetCommandLineW
CloseHandle
GetLastError
SetErrorMode
WaitForSingleObject
GetExitCodeProcess
ResumeThread
FreeLibrary
GetProcAddress
LoadLibraryExA
LoadLibraryA
K32EnumProcessModules
K32GetModuleFileNameExW
K32GetProcessMemoryInfo
VerSetConditionMask
GetCurrentDirectoryW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesA
GetFullPathNameW
GetLongPathNameW
GetShortPathNameW
ReadFile
GetTempPathW
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThreadId
OpenProcess
GetSystemTime
GetLocalTime
GetModuleFileNameW
GlobalAlloc
GlobalUnlock
GlobalLock
GetDiskFreeSpaceExW
FormatMessageW
VerifyVersionInfoW
SetFileAttributesW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetDiskFreeSpaceExA
GetLogicalDriveStringsW
QueryDosDeviceW
CreateMutexA
GetExitCodeThread
GetSystemTimeAsFileTime
GetVersionExA
FileTimeToSystemTime
K32EnumProcesses
K32GetProcessImageFileNameW
Process32First
Process32Next
CreateProcessW
LocalAlloc
CreateProcessA
GetSystemDirectoryW
lstrcmpW
ExpandEnvironmentStringsW
lstrcmpA
OutputDebugStringW
DeleteFileW
CreateFileW
CreateDirectoryW
SetCurrentDirectoryW
SetDllDirectoryA
Sleep
GetModuleHandleA
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetStdHandle
HeapReAlloc
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleOutputCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
RemoveDirectoryW
GetFileAttributesW
MoveFileA
IsWow64Process
TerminateProcess
ExitProcess
GetCurrentProcessId
GetCurrentProcess
RemoveDirectoryA
SetCurrentDirectoryA
MoveFileExW
SetFileAttributesA
LocalFree
HeapAlloc
HeapFree
WriteConsoleW
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
RaiseException
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetStringTypeW
AreFileApisANSI
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
GetCPInfo
IsDBCSLeadByte
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FoldStringW
CreateEventW
SetThreadPriority
SetThreadExecutionState
GetVersionExW
SetEvent
ResetEvent
ReleaseSemaphore
CreateSemaphoreW
CreateThread
GetProcessAffinityMask
SetFileTime
DeviceIoControl
GetStdHandle
FlushFileBuffers
GetFileType
SetEndOfFile
SetFilePointer
WriteFile
GetConsoleMode
CreateHardLinkW
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
WaitForSingleObjectEx
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx

user32

ShowWindow
SetWindowPos
CharToOemBuffW
DestroyWindow
PostMessageA
SendMessageA
PeekMessageA
DispatchMessageA
TranslateMessage
GetMessageA
GetWindowInfo
EnumThreadWindows
MessageBoxW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
FindWindowA
GetWindowRect
GetWindowTextA
SetWindowTextW
SetForegroundWindow
GetSystemMetrics
SendDlgItemMessageA
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItem
CreateDialogParamW
CreateDialogParamA
CharToOemA
OemToCharA
OemToCharBuffA
CharUpperW
CharLowerW

gdi32

AddFontResourceExW
RemoveFontResourceExW

advapi32

RegDeleteValueW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegFlushKey
RegDeleteKeyA
RegCreateKeyExW
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
SetFileSecurityW

shell32

SHOpenFolderAndSelectItems
ShellExecuteW
SHGetFolderPathA
ord190
CommandLineToArgvW
ShellExecuteA
SHFileOperationW
ShellExecuteExW
SHGetMalloc
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
ord155

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoCreateInstance

oleaut32

VariantClear
SysAllocStringByteLen
SysStringLen
SysAllocString
VariantChangeType
SysFreeString

shlwapi

PathGetDriveNumberW
PathBuildRootW

winmm

timeGetTime

version

VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW

wintrust

WinVerifyTrust

Exports

Exports

DoWinMain
GetLibMtaVersion

Sections

.text
Size: 761KB - Virtual size: 760KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 376KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

750d1bf4e8f9b206beba7fe829869bfd

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

winmm

version

wintrust

Exports

Exports

Sections

.text Size: 761KB - Virtual size: 760KB

.rdata Size: 119KB - Virtual size: 118KB

.data Size: 9KB - Virtual size: 40KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 376KB - Virtual size: 376KB

.reloc Size: 38KB - Virtual size: 37KB

.text
Size: 761KB - Virtual size: 760KB

.rdata
Size: 119KB - Virtual size: 118KB

.data
Size: 9KB - Virtual size: 40KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 376KB - Virtual size: 376KB

.reloc
Size: 38KB - Virtual size: 37KB