Loader[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Loader.exe
Size

70KB
MD5

55a9f50faab048ee6b0c2fc5991bce31
SHA1

227410384289b17c0c4daba9c0e7546f67703a5e
SHA256

353e082d656d359d526209d5a74298333bd12eae74aeedfcdf24064569f1e87b
SHA512

35fda685931f3aa5b405fa6593b4b77179c976f871e7628146f7c57ec32158a59df9502ada7bcce939d66b5515cd20eb97467a858451eb40c839f05c6821fdf3
SSDEEP

1536:7W4HGo2wdnTdTZxZxqbXC1/QsrbAoBIVs7yCICBz+BIGpq1ssLegq1u8Vcl:64DTd6DC1/NbAoBIVuYC1+eGpq1xexu5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Loader.exe

Files

Loader.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ