loader[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

loader.exe
Size

15.8MB
MD5

4f067dd4e2f4392f1e673a59befe734c
SHA1

cbe49fa4aad5c4da63340bc02060746d8bc5c068
SHA256

f3c3f4688359d07ef6575f8bbf2bb72d5a2350e0ebaec9211bda3b37dac88cff
SHA512

8eae74f867e5320443fb1605662bf07453415eb291ee1e2da51440c8358d4c36ce282f375240bf13037e75a7286779f7e7521acbd52ade0f33dbcdd121ec6990
SSDEEP

98304:2whAB5xYT1wVpP+SzFSCVfhx9REwRKKrNsHMcnqaC45+ceexZdC4aXaxuKsK6C00:2whAB5OD25bMnqafw4aXaxujKEZT6H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
loader.exe

Files

loader.exe
.exe windows:6 windows x64

5431e2b6fa5e0306c1f1455da8b7ca1d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlGetVersion
RtlVirtualUnwind
NtCancelIoFileEx
NtDeviceIoControlFile
RtlGetNtVersionNumbers
RtlCaptureContext
RtlLookupFunctionEntry
NtReadFile
NtWriteFile
NtQuerySystemInformation
NtResumeProcess
NtSuspendProcess
RtlNtStatusToDosError
NtCreateFile
NtQueryInformationProcess

kernel32

LoadLibraryExW
DuplicateHandle
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetSystemInfo
TryAcquireSRWLockShared
FormatMessageW
FreeLibrary
GetLogicalProcessorInformationEx
GetCurrentProcessId
GetDriveTypeW
CreateEventA
CreateFileW
GetDiskFreeSpaceExW
DeviceIoControl
GetProcessTimes
GetTickCount64
GlobalMemoryStatusEx
GetLogicalDrives
HeapAlloc
HeapFree
GetProcessHeap
Thread32Next
Thread32First
TerminateProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetComputerNameExW
GetProcessIoCounters
GetModuleFileNameW
LocalFree
VirtualQueryEx
GetModuleHandleA
VirtualProtect
WaitForSingleObject
GetExitCodeProcess
GetProcessId
GetCurrentProcess
GetCurrentThreadId
OpenThread
ReadProcessMemory
GetLastError
VirtualProtectEx
ResumeThread
OpenProcess
GetThreadContext
SuspendThread
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetProcAddress
LoadLibraryA
AcquireSRWLockShared
CloseHandle
GetSystemTimes
ReleaseSRWLockShared
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
Sleep
AcquireSRWLockExclusive
GlobalLock
GlobalSize
GetSystemTimeAsFileTime
GlobalAlloc
TlsSetValue
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
TlsGetValue
UnhandledExceptionFilter
CreateThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
WriteConsoleW
GetFileAttributesW
CreateProcessW
GlobalUnlock
GetWindowsDirectoryW
GetSystemDirectoryW
CreateNamedPipeW
GetFullPathNameW
ExitProcess
GetFinalPathNameByHandleW
SetThreadContext
FindFirstFileW
GetFileInformationByHandleEx
GetFileInformationByHandle
FindNextFileW
HeapReAlloc
WakeConditionVariable
WakeAllConditionVariable
ReadFileEx
SleepEx
WriteFileEx
GetStdHandle
SetFilePointerEx
GetCommandLineW
GetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
SwitchToThread
SetThreadStackGuarantee
CompareStringOrdinal
SleepConditionVariableSRW
FindClose
FreeEnvironmentStringsW
InitializeSListHead
IsDebuggerPresent
GetUserPreferredUILanguages
GetConsoleMode
SetHandleInformation
CreateMutexA
WaitForSingleObjectEx
GetCurrentThread
ReleaseMutex
SetThreadErrorMode
GetVolumeInformationW
RemoveVectoredExceptionHandler
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleHandleW
CreateIoCompletionPort
GetQueuedCompletionStatusEx
AddVectoredExceptionHandler
PostQueuedCompletionStatus
SetFileCompletionNotificationModes

user32

GetDC
RegisterRawInputDevices
SetClipboardData
EmptyClipboard
GetClipboardData
GetRawInputData
PostThreadMessageW
CreateIcon
CloseClipboard
OpenClipboard
MonitorFromPoint
GetKeyState
RegisterWindowMessageA
PeekMessageW
GetKeyboardState
DefWindowProcW
GetUpdateRect
RedrawWindow
GetKeyboardLayout
PostMessageW
ToUnicodeEx
DestroyIcon
ScreenToClient
ClientToScreen
GetWindowRect
ShowCursor
GetClipCursor
ClipCursor
IsIconic
MsgWaitForMultipleObjectsEx
GetMenu
IsProcessDPIAware
SetWindowLongPtrW
SetCapture
ShowWindow
SendMessageW
SetWindowLongW
MessageBoxA
GetSystemMenu
ValidateRect
EnableMenuItem
GetWindowLongW
AdjustWindowRectEx
SystemParametersInfoA
DestroyWindow
MonitorFromRect
SetWindowTextW
MapVirtualKeyW
SendInput
SetForegroundWindow
TrackMouseEvent
LoadCursorW
SetCursor
GetTouchInputInfo
CloseTouchInputHandle
GetCursorPos
MonitorFromWindow
GetMonitorInfoW
GetWindowThreadProcessId
FindWindowA
IsWindowVisible
ReleaseCapture
GetForegroundWindow
GetActiveWindow
SetWindowPlacement
GetWindowPlacement
ChangeDisplaySettingsExW
SetWindowPos
SetWindowsHookExA
RegisterTouchWindow
GetSystemMetrics
InvalidateRgn
SetWindowDisplayAffinity
GetWindowLongPtrW
CreateWindowExW
RegisterClassExW
DispatchMessageW
TranslateMessage
GetMessageW
MapVirtualKeyA
FlashWindowEx
GetClientRect
MessageBoxW

ole32

CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
OleInitialize
CoInitializeEx
CoUninitialize
RevokeDragDrop
RegisterDragDrop

gdi32

GetDeviceCaps
DeleteObject
StretchDIBits
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

oleaut32

SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
GetErrorInfo
SysAllocStringLen
SysAllocString
VariantClear
SysFreeString
SysStringLen

advapi32

GetUserNameW
RegQueryValueExW
LookupAccountSidW
SystemFunction036
OpenProcessToken
GetTokenInformation
RegOpenKeyExW
CopySid
GetLengthSid
RegCloseKey
IsValidSid

pdh

PdhGetFormattedCounterValue
PdhOpenQueryA
PdhCollectQueryData
PdhRemoveCounter
PdhCloseQuery
PdhAddEnglishCounterW

powrprof

CallNtPowerInformation

shell32

DragFinish
CommandLineToArgvW
DragQueryFileW

iphlpapi

GetIfEntry2
FreeMibTable
GetIfTable2
GetAdaptersAddresses

netapi32

NetUserEnum
NetUserGetInfo
NetUserGetLocalGroups
NetApiBufferFree

secur32

LsaEnumerateLogonSessions
LsaGetLogonSessionData
LsaFreeReturnBuffer

ws2_32

getaddrinfo
getpeername
connect
freeaddrinfo
getsockname
WSAGetLastError
closesocket
WSASocketW
WSACleanup
WSAStartup
bind
ioctlsocket
getsockopt
shutdown
recv
send
WSASend
setsockopt
WSAIoctl

winmm

timeGetDevCaps
timeEndPeriod
timeBeginPeriod

imm32

ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetContext
ImmReleaseContext

uxtheme

SetWindowTheme

d3dcompiler_47

D3DCompile

bcrypt

BCryptGenRandom

userenv

GetUserProfileDirectoryW

psapi

GetModuleFileNameExA
GetModuleBaseNameW
GetModuleFileNameExW
GetPerformanceInfo

vcruntime140

__current_exception_context
__CxxFrameHandler3
memcpy
memcmp
__current_exception
__C_specific_handler
_CxxThrowException
memset
memmove

api-ms-win-crt-math-l1-1-0

cosf
tanf
fmodf
acosf
pow
floorf
__setusermatherr
tan
cos
floor
trunc
fmaf
exp2
expf
sinf
roundf
sin
round
ceil
exp2f
powf
truncf
acos
ceilf
atan2
fmod

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
free

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
terminate
_initialize_onexit_table
_register_onexit_function
_crt_atexit
strerror

api-ms-win-crt-string-l1-1-0

wcslen
strlen

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 11.3MB - Virtual size: 11.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 475KB - Virtual size: 474KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5431e2b6fa5e0306c1f1455da8b7ca1d

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

ole32

gdi32

dwmapi

oleaut32

advapi32

pdh

powrprof

shell32

iphlpapi

netapi32

secur32

ws2_32

winmm

imm32

uxtheme

d3dcompiler_47

bcrypt

userenv

psapi

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 11.3MB - Virtual size: 11.3MB

.rdata Size: 3.9MB - Virtual size: 3.9MB

.data Size: 17KB - Virtual size: 19KB

.pdata Size: 475KB - Virtual size: 474KB

.reloc Size: 62KB - Virtual size: 62KB

.text
Size: 11.3MB - Virtual size: 11.3MB

.rdata
Size: 3.9MB - Virtual size: 3.9MB

.data
Size: 17KB - Virtual size: 19KB

.pdata
Size: 475KB - Virtual size: 474KB

.reloc
Size: 62KB - Virtual size: 62KB