esm-ldr[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

esm-ldr.exe
Size

5.2MB
MD5

690577d9eac78f46905ed61eff392e30
SHA1

f98965ef3e8010a984e22473c6d39fb6918efd87
SHA256

b0362437448adc2dc9644fd390261aefaba9b5276e057f465e1cae73a0af73c7
SHA512

2250fa0e251226c07d86aa984c978a0b0fde2f2d3027bbd708859943c3dfa5831a9bf9c003ad208eae044177f6c8b767997b335bf139d9d9d5075dff458f6e8a
SSDEEP

49152:v2VkZ5aubKH7HN4jii7FgmT5yVkKnLYlBPdsBpV88JdAUcoRzhlCB9eZYtTa35:v2VkAN4OCgGyiKnzpVdRzhlCB4ZYIJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
esm-ldr.exe

Files

esm-ldr.exe
.exe windows:6 windows x64

6842ceaafd1274c37afce2338401bbd6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetUserDefaultUILanguage
lstrlenW
TryAcquireSRWLockExclusive
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime
CreateThread
WriteConsoleW
MultiByteToWideChar
LoadLibraryA
GetFullPathNameW
ExitProcess
LoadLibraryW
GetFinalPathNameByHandleW
FindFirstFileW
GetCurrentThreadId
CloseHandle
CreateDirectoryW
GetFileInformationByHandleEx
CreateFileW
CreateMutexA
WaitForSingleObjectEx
AcquireSRWLockShared
HeapReAlloc
QueryPerformanceFrequency
SleepConditionVariableSRW
QueryPerformanceCounter
WakeConditionVariable
WakeAllConditionVariable
GetFileAttributesW
GetModuleFileNameW
GetLastError
OutputDebugStringA
OutputDebugStringW
InitializeSListHead
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
LoadLibraryExW
SetUnhandledExceptionFilter
ReleaseSRWLockExclusive
FreeLibrary
GetEnvironmentVariableW
ReleaseSRWLockShared
GetSystemInfo
LCIDToLocaleName
GetTempPathW
TerminateProcess
GetProcessHeap
HeapFree
HeapAlloc
WaitForSingleObject
FormatMessageW
Sleep
GetModuleHandleA
GetFileInformationByHandle
GetConsoleMode
IsProcessorFeaturePresent
GetCurrentProcessId
GetStdHandle
ReleaseMutex
FindClose
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
SetEnvironmentVariableW
AcquireSRWLockExclusive
GetCommandLineW

user32

DispatchMessageW
SetForegroundWindow
TranslateMessage
TranslateAcceleratorW
GetAncestor
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
PostQuitMessage
SendInput
AppendMenuW
CreateMenu
SetMenuItemInfoW
SetWindowDisplayAffinity
SetWindowLongW
GetSystemMenu
ShowWindow
CheckMenuItem
MonitorFromRect
TrackMouseEvent
GetWindowLongW
EnableMenuItem
MonitorFromPoint
EnumDisplayMonitors
SendMessageW
CreateAcceleratorTableW
GetMessageW
DestroyAcceleratorTable
ToUnicodeEx
VkKeyScanW
GetKeyState
GetAsyncKeyState
GetCursorPos
GetKeyboardLayout
GetClientRect
ClientToScreen
GetTouchInputInfo
ScreenToClient
MapVirtualKeyW
MonitorFromWindow
GetUpdateRect
PostMessageW
CreateIcon
GetRawInputData
SetWindowPos
IsProcessDPIAware
GetDC
GetMessageA
CloseTouchInputHandle
SetCursor
PeekMessageW
PostThreadMessageW
ValidateRect
GetMonitorInfoW
SystemParametersInfoA
GetWindowLongPtrW
IsWindowVisible
ClipCursor
GetClipCursor
ShowCursor
AdjustWindowRectEx
GetMenu
GetWindowRect
SetCapture
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
RegisterClassExW
RegisterWindowMessageA
RedrawWindow
DispatchMessageA
DefWindowProcW
EnumChildWindows
DestroyWindow
MapVirtualKeyExW
FlashWindowEx
SetCursorPos
GetForegroundWindow
GetActiveWindow
IsIconic
SetMenu
ReleaseCapture
DestroyIcon
GetKeyboardState
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
LoadCursorW
InvalidateRgn
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW

comctl32

RemoveWindowSubclass
DefSubclassProc
SetWindowSubclass

ole32

CoTaskMemFree
RegisterDragDrop
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
OleInitialize
CoInitializeEx
CoTaskMemAlloc
RevokeDragDrop

shell32

DragFinish
ShellExecuteW
DragQueryFileW
SHGetKnownFolderPath
SHAppBarMessage

gdi32

CreateRectRgn
DeleteObject
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

uxtheme

SetWindowTheme

advapi32

EventSetInformation
EventRegister
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegGetValueW
EventUnregister
EventWriteTransfer
SystemFunction036

bcrypt

BCryptGenRandom

oleaut32

SysFreeString
SetErrorInfo
GetErrorInfo
SysStringLen

ntdll

RtlNtStatusToDosError
NtWriteFile

vcruntime140

wcsrchr
__std_exception_destroy
__std_exception_copy
__current_exception_context
__current_exception
__C_specific_handler
_CxxThrowException
_purecall
__CxxFrameHandler3
memset
memmove
memcpy
memcmp

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-math-l1-1-0

floor
round
pow
trunc
__setusermatherr

api-ms-win-crt-string-l1-1-0

_wcsicmp
wcslen

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-runtime-l1-1-0

_c_exit
_cexit
_configure_narrow_argv
_initialize_narrow_environment
_set_app_type
_seh_filter_exe
_get_initial_narrow_environment
_initterm
_register_thread_local_exe_atexit_callback
__p___argv
_register_onexit_function
terminate
_initialize_onexit_table
_crt_atexit
_initterm_e
exit
_exit
__p___argc

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
_callnewh
free

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6842ceaafd1274c37afce2338401bbd6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comctl32

ole32

shell32

gdi32

dwmapi

uxtheme

advapi32

bcrypt

oleaut32

ntdll

vcruntime140

vcruntime140_1

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 1024B - Virtual size: 4KB

.pdata Size: 162KB - Virtual size: 162KB

.rsrc Size: 86KB - Virtual size: 85KB

.reloc Size: 27KB - Virtual size: 27KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 1024B - Virtual size: 4KB

.pdata
Size: 162KB - Virtual size: 162KB

.rsrc
Size: 86KB - Virtual size: 85KB

.reloc
Size: 27KB - Virtual size: 27KB