xbtloader[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

xbtloader.exe
Size

2.6MB
MD5

3c2ce973f264329fbf4c0d4393eb2afc
SHA1

e9f5a9c83021a8c5c4432dfd5012317368cb794e
SHA256

c53b17ac00823d08230a13181947abe56fde2ec4a20ad71df4029976e3ef7aa6
SHA512

a0f1ea0d130c49da29fe049e39de297a3a31e81a44769991ae797a0620ee6aec70ce49735a8f3b5a530b1e871a4a9e687ce882a2bf9ad51e202cc6c60513614f
SSDEEP

49152:KV1ToZfUFkRt8H/ti+oU9n4hA5J5+oyzvt3qZr3KG3rVfxdZE9:KVeZ8U8HliRhA5JETzvt3qN3RRfvO9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
xbtloader.exe

Files

xbtloader.exe
.exe windows:6 windows x64 arch:x64

de41d4e0545d977de6ca665131bb479a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__C_specific_handler
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_commode
_fmode
_initterm
_onexit
_wcsicmp
_wcsnicmp
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
memset
signal
strlen
strncmp
vfprintf
wcscat
wcscpy
wcslen
wcsncmp

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
InitializeCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de41d4e0545d977de6ca665131bb479a

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 2.5MB - Virtual size: 2.5MB

.pdata Size: 512B - Virtual size: 384B

.00cfg Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 512B - Virtual size: 120B

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 2.5MB - Virtual size: 2.5MB

.pdata
Size: 512B - Virtual size: 384B

.00cfg
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 512B - Virtual size: 120B