Static task
static1
General
-
Target
loader_prod.exe
-
Size
24.4MB
-
MD5
498ce0484e596237d5b6a1ba57b5bd64
-
SHA1
595d15ca712caa80edc0179376b55f282e8f2129
-
SHA256
d8fda382128466a9ea34675fbfded8a2e766298ee6017bfca305470ec5783077
-
SHA512
e27dffc5be8a57e7c650eb2007813cfaf24a51fd8c69efe9aa26c2be115b185be0ad6c5120d39f7bc29859dcd7834e1eea564f5dfbd79dda2d2ae3f7ed5f5b42
-
SSDEEP
393216:zJ4NpHpHDQ0ab6ivRyhIJ2BfeGiz+LnKxLPcFB9bNgtLU4HAg1WjFt3RM:94DhE0ab6ip5JKLKBc/qH7cFtBM
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource loader_prod.exe
Files
-
loader_prod.exe.exe windows:6 windows x64 arch:x64
2ad5bba9a7f55df153e18e95c7aa0b7b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetComputerNameA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress
user32
GetActiveWindow
gdi32
DeleteDC
advapi32
OpenProcessToken
shell32
SHGetKnownFolderPath
ole32
CoCreateGuid
oleaut32
VariantClear
ntdll
NtClose
msvcp140
??1_Lockit@std@@QEAA@XZ
shlwapi
PathFindExtensionW
ws2_32
WSAGetLastError
crypt32
CertOpenStore
secur32
InitSecurityInterfaceW
d3d11
D3D11CreateDeviceAndSwapChain
d3dcompiler_47
D3DCompile
imm32
ImmSetCompositionWindow
gdiplus
GdipSaveImageToFile
dnsapi
DnsNameCompare_W
rpcrt4
UuidToStringW
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memcmp
api-ms-win-crt-heap-l1-1-0
_callnewh
api-ms-win-crt-string-l1-1-0
wcsnlen
api-ms-win-crt-runtime-l1-1-0
_invalid_parameter_noinfo_noreturn
api-ms-win-crt-stdio-l1-1-0
fputc
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-convert-l1-1-0
_itow_s
api-ms-win-crt-filesystem-l1-1-0
_lock_file
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-math-l1-1-0
ldexp
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
🧠Uwju Size: - Virtual size: 683KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
🧠@F7j Size: - Virtual size: 630KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
🧠0?%H Size: - Virtual size: 789KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
🧠q0x9 Size: - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
🧠T;(N Size: - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
🧠VkA4 Size: - Virtual size: 17.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
🧠<Qr` Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
🧠Bukv Size: 24.4MB - Virtual size: 24.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
🧠^F[3 Size: 1024B - Virtual size: 737B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ