loader_prod[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

loader_prod.exe
Size

19.7MB
MD5

f81f7caeb964062d033b33b95c944ec3
SHA1

d5073c0699ed27808086dfc3b72e99d6b3c86318
SHA256

2d1002f980c17b2625e918eb0d1f47c6e099988bf3798ba16865f930da71826a
SHA512

1513967eaf325f445a85f0fad73b4f440955a4087be7e1f6ccba1ec11350a5ad69b05c62526b41f497065315223d32b26de87f532b09864a03b7e673dbe1c9c8
SSDEEP

393216:ct0fDwfjRAnusTcI5PODu01yGSlGJ4Bgv5iqpOy7Xce5JxpmuZPLMt9:ct0kf1AuDIwKwSlZokyjcsJxNw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
loader_prod.exe

Files

loader_prod.exe
.exe windows:6 windows x64 arch:x64

2ad5bba9a7f55df153e18e95c7aa0b7b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetComputerNameA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

GetActiveWindow

gdi32

DeleteDC

advapi32

OpenProcessToken

shell32

SHGetKnownFolderPath

ole32

CoCreateGuid

oleaut32

VariantClear

ntdll

NtClose

msvcp140

??1_Lockit@std@@QEAA@XZ

shlwapi

PathFindExtensionW

ws2_32

WSAGetLastError

crypt32

CertOpenStore

secur32

InitSecurityInterfaceW

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

imm32

ImmSetCompositionWindow

gdiplus

GdipSaveImageToFile

dnsapi

DnsNameCompare_W

rpcrt4

UuidToStringW

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp

api-ms-win-crt-heap-l1-1-0

_callnewh

api-ms-win-crt-string-l1-1-0

wcsnlen

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

fputc

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

_itow_s

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-math-l1-1-0

ldexp

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

🧠PHuc
Size: - Virtual size: 683KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

🧠]TGe
Size: - Virtual size: 630KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

🧠t#/%
Size: - Virtual size: 789KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

🧠"^7y
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

🧠N*E@
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

🧠P-'c
Size: - Virtual size: 14.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

🧠i,iV
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

🧠Yidg
Size: 19.7MB - Virtual size: 19.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

🧠$_/o
Size: 1024B - Virtual size: 737B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ad5bba9a7f55df153e18e95c7aa0b7b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ntdll

msvcp140

shlwapi

ws2_32

crypt32

secur32

d3d11

d3dcompiler_47

imm32

gdiplus

dnsapi

rpcrt4

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

🧠PHuc Size: - Virtual size: 683KB

🧠]TGe Size: - Virtual size: 630KB

🧠t#/% Size: - Virtual size: 789KB

🧠"^7y Size: - Virtual size: 24KB

🧠N*E@ Size: - Virtual size: 8KB

🧠P-'c Size: - Virtual size: 14.1MB

🧠i,iV Size: 6KB - Virtual size: 5KB

🧠Yidg Size: 19.7MB - Virtual size: 19.7MB

🧠$_/o Size: 1024B - Virtual size: 737B

🧠PHuc
Size: - Virtual size: 683KB

🧠]TGe
Size: - Virtual size: 630KB

🧠t#/%
Size: - Virtual size: 789KB

🧠"^7y
Size: - Virtual size: 24KB

🧠N*E@
Size: - Virtual size: 8KB

🧠P-'c
Size: - Virtual size: 14.1MB

🧠i,iV
Size: 6KB - Virtual size: 5KB

🧠Yidg
Size: 19.7MB - Virtual size: 19.7MB

🧠$_/o
Size: 1024B - Virtual size: 737B