loader[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

loader.exe
Size

36.7MB
MD5

489e79895c6ae6fb05b1e3f10d9f2278
SHA1

26cd5d480d9ea3aac33c214cb1b7493c8c167be9
SHA256

7a1a05101406272f1db0ab9118ffa14266ae47342e591d8764da4186db74a824
SHA512

56d2b54c4a54b7437149a1a04a9693363dd188a1358455defcade91188206b4313c2e595824e915b79b4aabdb68e49a498e1899562ac6e792f13abbbe1716507
SSDEEP

786432:MrF2vjlz762sxuv9iqFvD/ILtOxx2O/0Th+kAmMXhtZtbJ:0Uv5qQFbFLcExxJ/CDEXhtjb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
loader.exe

Files

loader.exe
.exe windows:6 windows x64 arch:x64

Password: fortnitecheet

19c3c9dc9f09b3d1d10f5d786c7c5101

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetLastError
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetUserObjectInformationW

advapi32

CryptAcquireContextW

shell32

ShellExecuteA

ole32

CoSetProxyBlanket

oleaut32

SysFreeString

msvcp140

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z

ws2_32

getservbyport

crypt32

CertCloseStore

d3d9

Direct3DCreate9

ntdll

NtOpenFile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

system

api-ms-win-crt-heap-l1-1-0

calloc

api-ms-win-crt-string-l1-1-0

strncpy

api-ms-win-crt-convert-l1-1-0

strtod

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-environment-l1-1-0

_wdupenv_s

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-math-l1-1-0

_dclass

Sections

O=vkc27J
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

0+9_bH1]
Size: - Virtual size: 893KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

<kGGIG^x
Size: - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

MRT;<WE<
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

'jbD5Pmf
Size: - Virtual size: 22.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

#_?:n)Wf
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Y.@_Po;6
Size: 36.7MB - Virtual size: 36.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

QLo@_\*)
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: fortnitecheet

19c3c9dc9f09b3d1d10f5d786c7c5101

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp140

ws2_32

crypt32

d3d9

ntdll

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

O=vkc27J Size: - Virtual size: 3.5MB

0+9_bH1] Size: - Virtual size: 893KB

<kGGIG^x Size: - Virtual size: 57KB

MRT;<WE< Size: - Virtual size: 132KB

'jbD5Pmf Size: - Virtual size: 22.1MB

#_?:n)Wf Size: 5KB - Virtual size: 5KB

Y.@_Po;6 Size: 36.7MB - Virtual size: 36.7MB

QLo@_\*) Size: 512B - Virtual size: 480B

O=vkc27J
Size: - Virtual size: 3.5MB

0+9_bH1]
Size: - Virtual size: 893KB

<kGGIG^x
Size: - Virtual size: 57KB

MRT;<WE<
Size: - Virtual size: 132KB

'jbD5Pmf
Size: - Virtual size: 22.1MB

#_?:n)Wf
Size: 5KB - Virtual size: 5KB

Y.@_Po;6
Size: 36.7MB - Virtual size: 36.7MB

QLo@_\*)
Size: 512B - Virtual size: 480B