loader[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

loader.zip
Size

1.3MB
MD5

de33453f6e15b200d27b231b8a102f55
SHA1

905ec2f17f4a15a48fd30ea23a9291dfe7976226
SHA256

d27cf8dfc9509c014e27e69cfbb9f862000c992a30e223a09e23b8703a42932e
SHA512

820a3ef5bc42fb28dfbe301b8934da10d12ed1c3940057eaed9e3ca7480634ed2183a9bb81c66b4e8a198fa2924518a9e60459d0956258576fd017a03e8e0e59
SSDEEP

24576:rnnDUav8Cw9KA0aqjsrhwPwNLMXIwJCzbp4EfQNzMtyybR4LxYVLdqwtxlA0Q9:rnDv8CwjaMwPa4yp48KtybR4NYVNtzxg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/loader.exe

Files

loader.zip
.zip
loader.exe
.exe windows:6 windows x64 arch:x64

9b9086f2f76f1bbaad3daf6df28b2525

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

ws2_32

__WSAFDIsSet
WSAStartup
WSACleanup
shutdown
WSASocketW
getaddrinfo
getpeername
getsockname
send
socket
ntohs
connect
recv
getsockopt
freeaddrinfo
ioctlsocket
getnameinfo
setsockopt
WSAGetLastError
closesocket
select

kernel32

Process32FirstW
Module32FirstW
GetCurrentProcessId
Module32NextW
IsProcessorFeaturePresent
TerminateProcess
GetModuleFileNameA
GetComputerNameA
MapViewOfFile
ReadProcessMemory
CreateFileMappingA
GetCurrentThreadId
RaiseException
RtlPcToFileHeader
OpenProcess
CreateProcessA
CloseHandle
WaitForSingleObject
GetCurrentProcess
GetVolumeInformationA
FreeLibrary
GetProcAddress
RtlUnwind
FormatMessageW
VerSetConditionMask
InitializeCriticalSection
SetThreadExecutionState
LoadLibraryA
SetEndOfFile
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
OutputDebugStringW
GetTimeZoneInformation
HeapReAlloc
ReadConsoleW
GetPrivateProfileStringA
GetUserDefaultLCID
Process32NextW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleOutputCP
FlushFileBuffers
HeapAlloc
HeapFree
WriteConsoleW
GetModuleFileNameW
GetCommandLineW
GetCommandLineA
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStringTypeW
GetCPInfo
CompareStringEx
LCMapStringEx
DecodePointer
EncodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
IsValidLocale
CreateToolhelp32Snapshot
GetSystemTimeAsFileTime
InitializeCriticalSectionEx
WritePrivateProfileStringA
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
EnumSystemLocalesW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetExitCodeThread
WaitForSingleObjectEx
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetModuleHandleExW
MultiByteToWideChar
MoveFileExW
DeleteFileW
GetFileAttributesExW
SetFileAttributesW
GetFileAttributesW
CreateFileW
GetFileType
WriteFile
GetLastError
GetTickCount
LocalFree
GetFileSizeEx
GetFileTime
ReadFile
SetFilePointerEx
WriteProcessMemory
VirtualAllocEx
VirtualFreeEx
VirtualFree
VirtualAlloc
GetModuleHandleA
GetProcessId
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
WideCharToMultiByte
GetStdHandle
Sleep
GetDynamicTimeZoneInformation
GetConsoleMode
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
FormatMessageA
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
SetFileInformationByHandle
GetTempPathW
AreFileApisANSI
GetModuleHandleW
QueryPerformanceFrequency
GetFileInformationByHandleEx
QueryPerformanceCounter
CloseThreadpoolWork

user32

SetClipboardData
MessageBoxA
EmptyClipboard
CloseClipboard
GetClipboardData
GetRawInputDeviceList
GetRawInputDeviceInfoA
EnumDisplayMonitors
EnumDisplayDevicesW
EnumDisplaySettingsExW
EnumDisplaySettingsW
ChangeDisplaySettingsExW
ToUnicode
UnregisterDeviceNotification
RegisterDeviceNotificationW
RegisterRawInputDevices
GetRawInputData
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
CreateIconIndirect
LoadImageW
DestroyIcon
LoadCursorW
GetClassLongPtrW
GetWindowLongPtrW
PtInRect
SetRect
ClipCursor
WindowFromPoint
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
AdjustWindowRectEx
GetWindowRect
GetClientRect
SetWindowTextW
RemovePropW
GetPropW
SetPropW
InvalidateRect
ReleaseDC
GetDC
SetForegroundWindow
GetSystemMetrics
MsgWaitForMultipleObjects
ReleaseCapture
SetCapture
MapVirtualKeyW
GetKeyState
GetActiveWindow
SetFocus
IsZoomed
BringWindowToTop
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindow
SetLayeredWindowAttributes
GetLayeredWindowAttributes
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
UnregisterClassW
DefWindowProcW
WaitMessage
PostMessageW
SendMessageW
GetMessageTime
PeekMessageW
DispatchMessageW
TranslateMessage
TrackMouseEvent
SetWindowLongW
GetWindowLongW
OpenClipboard

advapi32

OpenProcessToken
GetCurrentHwProfileW
GetTokenInformation
GetSecurityInfo

shell32

SHBrowseForFolderA
SHGetMalloc
ShellExecuteA
DragQueryFileW
DragQueryPoint
DragFinish
DragAcceptFiles
SHGetPathFromIDListA

vulkan-1

vkDestroyShaderModule
vkCreateGraphicsPipelines
vkDestroyPipeline
vkCreatePipelineLayout
vkDestroyPipelineLayout
vkCreateSampler
vkDestroySampler
vkCreateDescriptorSetLayout
vkDestroyDescriptorSetLayout
vkAllocateDescriptorSets
vkUpdateDescriptorSets
vkCreateFramebuffer
vkDestroyFramebuffer
vkCreateRenderPass
vkDestroyRenderPass
vkCreateCommandPool
vkDestroyCommandPool
vkCreateShaderModule
vkCmdSetViewport
vkCmdSetScissor
vkDestroyFence
vkCmdBindIndexBuffer
vkCmdBindVertexBuffers
vkCmdDrawIndexed
vkCmdCopyBufferToImage
vkCmdPipelineBarrier
vkCmdPushConstants
vkDestroySurfaceKHR
vkGetPhysicalDeviceSurfaceCapabilitiesKHR
vkGetPhysicalDeviceSurfaceFormatsKHR
vkGetPhysicalDeviceSurfacePresentModesKHR
vkCreateSwapchainKHR
vkDestroySwapchainKHR
vkGetSwapchainImagesKHR
vkResetFences
vkDestroyImageView
vkCreateImageView
vkDestroyImage
vkCreateImage
vkDestroyBuffer
vkCreateBuffer
vkDestroySemaphore
vkCreateSemaphore
vkGetImageMemoryRequirements
vkGetBufferMemoryRequirements
vkBindImageMemory
vkQueueSubmit
vkDeviceWaitIdle
vkCmdBindPipeline
vkWaitForFences
vkBindBufferMemory
vkFlushMappedMemoryRanges
vkUnmapMemory
vkMapMemory
vkFreeMemory
vkAllocateMemory
vkGetPhysicalDeviceMemoryProperties
vkCreateDescriptorPool
vkDestroyDescriptorPool
vkResetCommandPool
vkAllocateCommandBuffers
vkFreeCommandBuffers
vkGetDeviceQueue
vkDestroyDevice
vkCreateDevice
vkGetPhysicalDeviceQueueFamilyProperties
vkGetPhysicalDeviceProperties
vkEnumeratePhysicalDevices
vkDestroyInstance
vkCreateInstance
vkBeginCommandBuffer
vkEndCommandBuffer
vkCmdBeginRenderPass
vkCreateFence
vkCmdEndRenderPass
vkGetPhysicalDeviceSurfaceSupportKHR
vkAcquireNextImageKHR
vkCmdBindDescriptorSets
vkQueuePresentKHR

bcrypt

BCryptDeriveKeyPBKDF2
BCryptGenRandom
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptDestroyKey
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGetProperty
BCryptOpenAlgorithmProvider

imm32

ImmGetContext
ImmReleaseContext
ImmAssociateContextEx
ImmSetCompositionWindow
ImmSetCandidateWindow

gdi32

SetPixelFormat
SwapBuffers
ChoosePixelFormat
SetDeviceGammaRamp
DeleteObject
CreateBitmap
CreateRectRgn
DescribePixelFormat
CreateDIBSection
CreateDCW
DeleteDC
GetDeviceCaps
GetDeviceGammaRamp

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1012KB - Virtual size: 1011KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 204KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b9086f2f76f1bbaad3daf6df28b2525

Headers

DLL Characteristics

File Characteristics

Imports

version

ws2_32

kernel32

user32

advapi32

shell32

vulkan-1

bcrypt

imm32

gdi32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 1012KB - Virtual size: 1011KB

.data Size: 204KB - Virtual size: 230KB

.pdata Size: 72KB - Virtual size: 71KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 1012KB - Virtual size: 1011KB

.data
Size: 204KB - Virtual size: 230KB

.pdata
Size: 72KB - Virtual size: 71KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 8KB - Virtual size: 8KB