Loader[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Loader.exe
Size

40.5MB
MD5

341ff72b296778f6a6411ee2a0164afb
SHA1

186aff1f9cb1c56003937d257040b8a3ad5db9e9
SHA256

08138c826c5c841e24100873769a58d67bf935713497ad39f5816eb28fe68b8b
SHA512

0937c78b17a37b1914e14f9bd18524eacea6658567fc78fc8e21d88a6b0dc6d2deff85a647d04be9a196b611e0a4971b9f105977c17d05fd47555b19fe0056a4
SSDEEP

786432:1/RJAx0jpwlzhP9ncWgRTyvJ8uaIW+hYxRL2qEtREvcn1MUE:1RljGlx9cWgRTyvmua2QRKqELEvcnm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Loader.exe

Files

Loader.exe
.exe windows:6 windows x64 arch:x64

Password: 12345

25164d6b561ec4d32f01dfc91ba530b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualFreeEx
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxW

advapi32

DeregisterEventSource

shell32

ShellExecuteW

ws2_32

WSACleanup

crypt32

CertFreeCertificateContext

ntdll

LdrGetDllHandle

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemory

dwmapi

DwmIsCompositionEnabled

imm32

ImmGetContext

bcrypt

BCryptGenRandom

Sections

42o1?iK<
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

`,P'=7'5
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

'_Oqk_.v
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

B$O=fao>
Size: - Virtual size: 24.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

:Wr$TWne
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

>?1Psnik
Size: 40.4MB - Virtual size: 40.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 12345

25164d6b561ec4d32f01dfc91ba530b2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

crypt32

ntdll

d3d9

d3dx9_43

dwmapi

imm32

bcrypt

Sections

42o1?iK< Size: - Virtual size: 3.3MB

`,P'=7'5 Size: - Virtual size: 1.6MB

'_Oqk_.v Size: - Virtual size: 9KB

B$O=fao> Size: - Virtual size: 24.1MB

:Wr$TWne Size: 4KB - Virtual size: 3KB

>?1Psnik Size: 40.4MB - Virtual size: 40.4MB

42o1?iK<
Size: - Virtual size: 3.3MB

`,P'=7'5
Size: - Virtual size: 1.6MB

'_Oqk_.v
Size: - Virtual size: 9KB

B$O=fao>
Size: - Virtual size: 24.1MB

:Wr$TWne
Size: 4KB - Virtual size: 3KB

>?1Psnik
Size: 40.4MB - Virtual size: 40.4MB