zloader | 835048e00ba3babf6f920c9a4c2863865a5dcf8e0b6ede4f57c63aeb9cb5c147

Resubmissions

24-01-2024 08:44

240124-kne3ssecfm 10

24-01-2024 08:20

240124-j8dvssdgen 10

23-01-2024 11:38

240123-nryabshhbk 10

05-02-2022 13:33

220205-qtgrgabgg4 10

Sharing

Copy URL

Twitter E-mail

General

Target

835048e00ba3babf6f920c9a4c2863865a5dcf8e0b6ede4f57c63aeb9cb5c147
Size

184KB
MD5

c844efe1b7e76cbdea36ce62ff788de9
SHA1

d8143cf09bff7b0ca2a0c777912746a5922104ee
SHA256

835048e00ba3babf6f920c9a4c2863865a5dcf8e0b6ede4f57c63aeb9cb5c147
SHA512

52b350965940c785c0a9f3991016ee14a303d49a4168bf5c008bbaafe301cd93e7201965ced9f1e8cdf5f31414c128fdc546461ff21af45c9ae17c3f462d4931
SSDEEP

3072:brenHphylBa5vbUVmpg+Rrf17JhNO429gs6F4FO7MvA+lVJeTf7ko2bCHkMwGAkI:UglEzu+pxJhNC9gsxFO7idlzaQo2bVlt

Score

10^/10

telegramcrypt antiamsidoc zloader

Malware Config

Extracted

Family

zloader

Botnet

TelegramCrypt

Campaign

AntiAMSIdoc

http://wmwifbajxxbcxmucxmlc.com/post.php

http://pwkqhdgytsshkoibaake.com/post.php

http://snnmnkxdhflwgthqismb.com/post.php

http://iawfqecrwohcxnhwtofa.com/post.php

http://nlbmfsyplohyaicmxhum.com/post.php

http://fvqlkgedqjiqgapudkgq.com/post.php

http://cmmxhurildiigqghlryq.com/post.php

http://nmqsmbiabjdnuushksas.com/post.php

http://fyratyubvflktyyjiqgq.com/post.php

Attributes

build_id
115

rc4.plain

Signatures

Zloader family
zloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
835048e00ba3babf6f920c9a4c2863865a5dcf8e0b6ede4f57c63aeb9cb5c147

Files

835048e00ba3babf6f920c9a4c2863865a5dcf8e0b6ede4f57c63aeb9cb5c147
.exe windows:5 windows x86 arch:x86

aeaf05baf5176b03e6ca1c1b0c09e695

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CompareFileTime
CreateEventW
CreateFileW
DeleteCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
FileTimeToSystemTime
FlushFileBuffers
FreeLibrary
GetACP
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetDateFormatW
GetFileAttributesW
GetFileType
GetLastError
GetLocalTime
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTempPathA
GetTickCount
GetTimeFormatW
GetUserDefaultLCID
GetVersion
GlobalAlloc
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
LCMapStringW
LeaveCriticalSection
LocalAlloc
LocalFree
LocalReAlloc
ResetEvent
SetEndOfFile
SetEvent
SetFilePointer
SetStdHandle
SystemTimeToFileTime
VirtualAlloc
VirtualFree
WaitForSingleObject
WideCharToMultiByte
WriteFile

advapi32

GetTokenInformation

shlwapi

PathAddBackslashW

shell32

CommandLineToArgvW

user32

AppendMenuW
CallWindowProcW
CharNextA
CheckMenuItem
CheckMenuRadioItem
CheckRadioButton
CreateDialogParamW
CreateMenu
CreatePopupMenu
CreateWindowExW
DestroyIcon
DrawIconEx
DrawMenuBar
EnableMenuItem
EnableWindow
EndDialog
FillRect
GetClassNameW
GetClassWord
GetDC
GetDlgItem
GetDlgItemInt
GetFocus
GetMenu
GetMenuState
GetMessageW
GetNextDlgTabItem
GetProcessDefaultLayout
GetSubMenu
GetSysColor
GetWindowPlacement
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
InflateRect
InsertMenuItemW
InsertMenuW
IntersectRect
InvalidateRect
InvalidateRgn
IsDlgButtonChecked
IsIconic
IsWindowEnabled
IsZoomed
LoadAcceleratorsW
LoadIconA
LoadImageW
LoadMenuA
LoadStringW
MapWindowPoints
MessageBeep
MessageBoxW
OffsetRect
RedrawWindow
RegisterClassExW
ReleaseDC
ScreenToClient
SendDlgItemMessageW
SetCapture
SetClassLongW
SetCursor
SetDlgItemInt
SetFocus
SetMenuItemInfoW
SetTimer
SetWindowPos
SetWindowTextW
ShowWindow
TranslateAcceleratorW
TranslateMessage
UpdateWindow

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreatePatternBrush
CreateRectRgn
CreateRectRgnIndirect
DeleteDC
DeleteObject
EndPage
ExtCreatePen
GetBkColor
GetDeviceCaps
GetObjectA
GetObjectW
GetRgnBox
GetStockObject
GetTextExtentPoint32W
GetTextMetricsA
GetTextMetricsW
LineTo
MoveToEx
SetBkColor
SetBkMode
SetMapMode
SetTextColor
StartDocA

ole32

CoCreateInstance
CoInitialize

Sections

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

aeaf05baf5176b03e6ca1c1b0c09e695

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shlwapi

shell32

user32

gdi32

ole32

Sections

.text Size: 168KB - Virtual size: 168KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 2KB - Virtual size: 12KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 168KB - Virtual size: 168KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 2KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 4KB