Loader[.]exe | Triage

Sharing

General

Target

Loader.exe
Size

31.0MB
MD5

0252feffaa9fe39e409c6ade38f67bc8
SHA1

1c67e1fe7c8c8ba3b620dc04b85243affea3159d
SHA256

3e6ba768b078b6c13f0ce657ac5edefa0db42cb7fd796fdf15b379ec519f6100
SHA512

c55c1b4aad9635a109fa1b8a894ad9beb4bd5c624554109f7698d8a531567574c25b0195dcaa83188476d5aef906160c791b2920bf63ca9d2e17bbd781ff12eb
SSDEEP

49152:5yIsHa2XTXuq69GHJx/xnUGw/lXk990cAO3M26XJ7PY0pDd2bzeA9wIo3mibTq/T:g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Loader.exe

Files

Loader.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\coldboot\source\repos\xorStub\xorStub\obj\Release\xorStub.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ