loader_3[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

loader_3.exe
Size

12.3MB
MD5

8a3fb4238e9c4873df1c159e8981884a
SHA1

7d0473db7f816b7a1f102bae67dc15fdbdd311ac
SHA256

2fef05815b1310e2c9d072119df93b9a73eb59cd56d0d5c0613046f7b84e1f13
SHA512

0a2174c6edbd52c970a5b41b563610cbff0692d11051776ed5e00416cd35fcf11197f1e9e346de56ec2b8489263025c40c3498892a58941ce89f2ed05701b549
SSDEEP

196608:HoA71uKRK3m7sGPfWqwUodOzeYWnGjIdwTwscQzcIhyOHaitXwmBQZE1yFBbK:Hb71uKRKZGPf9Y4IGjpYwcIhyqX6W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
loader_3.exe

Files

loader_3.exe
.exe windows:6 windows x64 arch:x64

dc127eca41fdb96695d0d54b5a4653a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualProtect
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

msvcp140

?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ

ws2_32

ioctlsocket

vcruntime140

__current_exception_context

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_crt_atexit

api-ms-win-crt-stdio-l1-1-0

fclose

api-ms-win-crt-filesystem-l1-1-0

remove

api-ms-win-crt-heap-l1-1-0

realloc

api-ms-win-crt-convert-l1-1-0

strtoull

api-ms-win-crt-string-l1-1-0

tolower

api-ms-win-crt-math-l1-1-0

ceilf

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

Exports

Exports

GetCurrentThread
GetProcessHeap
HeapAlloc
HeapFree
ReadProcessMemory
VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
VirtualQuery
VirtualQueryEx
WriteProcessMemory

Sections

.stub
Size: - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data0
Size: - Virtual size: 8.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data1
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data2
Size: 12.3MB - Virtual size: 12.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc127eca41fdb96695d0d54b5a4653a7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

ws2_32

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.stub Size: - Virtual size: 344KB

.idata Size: - Virtual size: 12KB

.data0 Size: - Virtual size: 8.5MB

.data1 Size: 4KB - Virtual size: 3KB

.data2 Size: 12.3MB - Virtual size: 12.3MB

.reloc Size: 512B - Virtual size: 296B

.rsrc Size: 512B - Virtual size: 469B

.stub
Size: - Virtual size: 344KB

.idata
Size: - Virtual size: 12KB

.data0
Size: - Virtual size: 8.5MB

.data1
Size: 4KB - Virtual size: 3KB

.data2
Size: 12.3MB - Virtual size: 12.3MB

.reloc
Size: 512B - Virtual size: 296B

.rsrc
Size: 512B - Virtual size: 469B