loader_new[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

loader_new.exe
Size

12.7MB
MD5

3037b8480863a281ddbd1d19fb0d4d44
SHA1

a76efbcb6feb38e6a8a3f49471abc4434081fce9
SHA256

e323883ad69bfd506f124b99d34ddaba3467212892be6ce0a44a32e04e422e20
SHA512

07c590acf0ebbf9597dbc337ef15c00916dd261ddb02834d81bfce91c3b9e9c3cde2f6201dd4dd69565f0fd06c0af7315ec95d6331166432d03e186495ec1652
SSDEEP

393216:UzjZosdPKBxF4MbJvppkmLCuhBC4V5UQK/Yww6mArtr:ordPkxbJv/X+Bw6mk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
loader_new.exe

Files

loader_new.exe
.exe windows:6 windows x64

Password: 20WMN-3VLMN-YMBSI-YMHOD

95e6576bda89b11ef3db43e52852d2c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

gui

?SetInjectCalback@GUIWrapper@@QEAAXP6AIPEAX@Z@Z
?SetUserData@GUIWrapper@@QEAAXPEBD00@Z
?SetLoginStatus@GUIWrapper@@QEAAXW4LoginStatus@@@Z
?ChangeDialog@GUIWrapper@@QEAAXW4Dialogs@@@Z
?SetVersion@GUIWrapper@@QEAAXPEBD@Z
?SetToken@GUIWrapper@@QEAAXPEBD@Z
?SetLoginCallback@GUIWrapper@@QEAAXP6AXPEBD_N@Z@Z
?Worker@GUIWrapper@@QEAAXXZ
?SetStatusBar@GUIWrapper@@QEAAXPEBD@Z
?MessageBoxW@GUIWrapper@@QEAAHPEBD00@Z

ws2_32

WSAStringToAddressW
send
recv
__WSAFDIsSet
accept
bind
WSAIoctl
closesocket
WSASend
select
listen
WSAStartup
WSAGetLastError
getnameinfo
htons
htonl
ntohs
WSASocketW
getsockname
connect
WSARecv
getsockopt
WSACleanup
WSASetLastError
ntohl
setsockopt
ioctlsocket

kernel32

RtlPcToFileHeader
CreateMutexW
OpenProcess
GetLastError
QueryFullProcessImageNameA
CloseHandle
K32GetModuleBaseNameA
RaiseException
K32GetModuleInformation
GetProcAddress
GetModuleHandleW
IsBadReadPtr
EnterCriticalSection
LeaveCriticalSection
PostQueuedCompletionStatus
GetTickCount64
TlsAlloc
LocalFree
TlsFree
FormatMessageA
Sleep
Beep
ExitProcess
SizeofResource
VirtualFree
WriteFile
VirtualAlloc
GetTempPathW
CreateFileW
GetFileAttributesW
FreeResource
LockResource
LoadResource
FindResourceW
GetCurrentProcessId
GetTickCount
LoadLibraryW
DeviceIoControl
GetCurrentProcess
ReadFile
CreateFileA
GetFileSize
SetWaitableTimer
TlsSetValue
SetLastError
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
WaitForSingleObject
CreateEventW
MultiByteToWideChar
SetEvent
TerminateThread
QueueUserAPC
DeleteCriticalSection
VerSetConditionMask
SleepEx
VerifyVersionInfoW
TlsGetValue
CreateIoCompletionPort
GetModuleHandleExW
CreateWaitableTimerW
GetCurrentThreadId
GetStdHandle
GetFileType
SwitchToFiber
DeleteFiber
CreateFiber
WideCharToMultiByte
GetSystemTime
SystemTimeToFileTime
QueryPerformanceCounter
GetSystemTimeAsFileTime
ConvertFiberToThread
ConvertThreadToFiber
GetModuleFileNameA
FindFirstFileW
FindNextFileW
FreeLibrary
LoadLibraryA
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ResetEvent
GetCPInfo
GetStringTypeW
WriteConsoleW
HeapSize
SetEndOfFile
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
IsDebuggerPresent
HeapReAlloc
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapFree
GetConsoleOutputCP
FlushFileBuffers
HeapAlloc
SetFilePointerEx
GetFileSizeEx
GetModuleFileNameW
IsProcessorFeaturePresent
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
CreateThread
SetConsoleCtrlHandler
RtlUnwind
LoadLibraryExW
RtlUnwindEx
FindClose
SetStdHandle
InitializeSListHead
GetStartupInfoW
GetLocaleInfoEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentDirectoryW
FindFirstFileExW
GetFileInformationByHandle
GetFullPathNameW
SetFileInformationByHandle
AreFileApisANSI
GetFileInformationByHandleEx
WaitForSingleObjectEx
QueryPerformanceFrequency
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
CreateEventA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
HeapAlloc
HeapFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetModuleHandleW
LoadResource
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
FlsSetValue
GetCommandLineA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException
RtlPcToFileHeader
RtlUnwindEx
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA

user32

MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

advapi32

CryptExportKey
EnumServicesStatusW
OpenProcessToken
OpenSCManagerW
CloseServiceHandle
LookupPrivilegeValueW
RegCloseKey
RegOpenKeyW
RegCreateKeyW
RegSetValueExW
RegDeleteKeyW
AdjustTokenPrivileges
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
GetTokenInformation
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey

ole32

CoInitializeEx

oleaut32

VariantClear

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

ntdll

RtlConvertSidToUnicodeString
RtlGetVersion
RtlCompareUnicodeString
RtlFreeAnsiString
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
RtlInitAnsiString
RtlFreeUnicodeString

wtsapi32

WTSFreeMemory
WTSSendMessageA
WTSEnumerateSessionsA

iphlpapi

GetAdaptersInfo

bcrypt

BCryptGenRandom

Sections

.text
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 676KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.boot0
Size: - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.boot1
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot2
Size: 12.7MB - Virtual size: 12.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 9.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 20WMN-3VLMN-YMBSI-YMHOD

95e6576bda89b11ef3db43e52852d2c9

Headers

DLL Characteristics

File Characteristics

Imports

gui

ws2_32

kernel32

user32

advapi32

ole32

oleaut32

crypt32

ntdll

wtsapi32

iphlpapi

bcrypt

Sections

.text Size: - Virtual size: 1.7MB

.rdata Size: - Virtual size: 676KB

.data Size: - Virtual size: 55KB

.pdata Size: - Virtual size: 103KB

_RDATA Size: - Virtual size: 348B

.boot0 Size: - Virtual size: 4.2MB

.boot1 Size: 4KB - Virtual size: 3KB

.boot2 Size: 12.7MB - Virtual size: 12.7MB

.rsrc Size: 3KB - Virtual size: 9.8MB

.text
Size: - Virtual size: 1.7MB

.rdata
Size: - Virtual size: 676KB

.data
Size: - Virtual size: 55KB

.pdata
Size: - Virtual size: 103KB

_RDATA
Size: - Virtual size: 348B

.boot0
Size: - Virtual size: 4.2MB

.boot1
Size: 4KB - Virtual size: 3KB

.boot2
Size: 12.7MB - Virtual size: 12.7MB

.rsrc
Size: 3KB - Virtual size: 9.8MB