zloader | zloader 2_1[.]0[.]6[.]0[.]vir

Resubmissions

16-11-2023 20:27

231116-y8gzsage5v 10

19-07-2020 19:22

200719-j3qdf4g92x 10

Sharing

Copy URL

Twitter E-mail

General

Target

zloader 2_1.0.6.0.vir
Size

141KB
MD5

a74a0a84a2ed0674e540ac9aa4405638
SHA1

6ea4c0b33b660908b6032252c345c1936364390e
SHA256

58afcdc59220bd54561c650d1c9f1ebed87e517dc747dfc7d243bd19708b7222
SHA512

a7dc0515208a02ebaec31b39c74bcf366ea2deaac7f7bbbe2b748273c53868144dec8e129f909a8b5d46c0598db384581977f51a42b2b19fb1da15d62699262c
SSDEEP

3072:Ze6xD8emYCB6K8WfJnIFwWmVteLz+isF:ZeqfmXFXW8wzc

Score

10^/10

-test2 web7-test2 zloader

Malware Config

Extracted

Family

zloader

Botnet

-test2

Campaign

web7-test2

https://45.72.3.132/web7643/gate.php

Attributes

build_id
929195383

rc4.plain

Signatures

Zloader family
zloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
zloader 2_1.0.6.0.vir

Files

zloader 2_1.0.6.0.vir
.exe windows:5 windows x86 arch:x86

9a423736bbe76216edb7d544f60deeb7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
CreateEventW
CreateFileW
DeleteCriticalSection
EnterCriticalSection
EnumSystemLocalesW
ExitThread
FlushFileBuffers
FreeLibrary
GetACP
GetCPInfo
GetCommandLineW
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetDateFormatW
GetFileType
GetLastError
GetModuleFileNameA
GetOEMCP
GetProcAddress
GetProcessHeap
GetSystemTimeAsFileTime
GetTempPathA
GetUserDefaultLangID
GlobalAlloc
HeapSize
IsValidCodePage
LeaveCriticalSection
LocalAlloc
LocalFree
LocalReAlloc
MultiByteToWideChar
SetEvent
SetFilePointer
VirtualAlloc
WideCharToMultiByte
lstrcmpW

advapi32

GetTokenInformation

shlwapi

PathAddBackslashW

shell32

ShellAboutW

user32

CharNextA
CheckMenuRadioItem
CheckRadioButton
ClientToScreen
CopyRect
CreateDialogParamW
CreateMenu
DestroyWindow
DispatchMessageW
DrawIconEx
DrawTextW
EnableWindow
GetClassNameW
GetMenuState
GetMessageW
GetNextDlgTabItem
GetSysColor
GetSysColorBrush
InflateRect
InsertMenuItemW
IntersectRect
InvalidateRect
IsDialogMessageW
IsDlgButtonChecked
IsIconic
IsWindowEnabled
KillTimer
LoadCursorW
LoadImageW
LoadStringW
MessageBoxW
RedrawWindow
RegisterClassExW
ReleaseCapture
SetCapture
SetClassLongW
SetCursor
SetDlgItemInt
SetFocus
SetPropW
SetWindowTextW
TrackPopupMenu
TranslateAcceleratorW
UnregisterClassW
UpdateWindow

gdi32

CreateDIBSection
CreateFontIndirectW
CreateRectRgn
CreateRectRgnIndirect
DeleteDC
EndDoc
EndPage
ExtCreatePen
GetBkColor
GetRgnBox
GetTextExtentPoint32W
LineTo
SetBkColor
SetBkMode

ole32

CoCreateInstance
CoInitialize

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

9a423736bbe76216edb7d544f60deeb7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shlwapi

shell32

user32

gdi32

ole32

Sections

.text Size: 124KB - Virtual size: 124KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 11KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 124KB - Virtual size: 124KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 11KB

.reloc
Size: 9KB - Virtual size: 9KB