loader[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

loader.exe
Size

26.5MB
MD5

4f336726a7da3551a0918021724947f5
SHA1

3d08e2b6aa00ef1d9c50dba0f81c2afb6f2ad90a
SHA256

e4366c0730c072aade031190cc75c3750cc3e2c61eda50611aa618880826ed09
SHA512

f2714770d05cae6fed14c055e269cd414a74d549d0e2ba9ba3e595296453580a6821def865489b38fb1a60a08d321be9bfa8f9deeef8ccfbed1f88e60e742229
SSDEEP

786432:gxk6AYy4tOOsdCFqwBp6zLb8N5MN1Ev+Tm:gS4TkCcKczf45M0mi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
loader.exe

Files

loader.exe
.exe windows:6 windows x64 arch:x64

ce0eebc187bcaa7fd2ed82ad2c545ac3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

K32GetDeviceDriverBaseNameA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SetClipboardData

gdi32

CreateRoundRectRgn

advapi32

GetTokenInformation

shell32

ShellExecuteA

winmm

PlaySoundA

imm32

ImmGetContext

msvcp140

??0_Lockit@std@@QEAA@H@Z

wininet

HttpSendRequestA

urlmon

URLDownloadToFileA

d3d9

Direct3DCreate9

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception_context

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf

api-ms-win-crt-string-l1-1-0

isprint

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

_callnewh

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-runtime-l1-1-0

exit

api-ms-win-crt-time-l1-1-0

_localtime64

api-ms-win-crt-filesystem-l1-1-0

rename

api-ms-win-crt-math-l1-1-0

fmodf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

ntdll

RtlLookupFunctionEntry

Sections

.text
Size: - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.`S<
Size: - Virtual size: 15.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.(Z=
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.$Ki
Size: 26.5MB - Virtual size: 26.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce0eebc187bcaa7fd2ed82ad2c545ac3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

winmm

imm32

msvcp140

wininet

urlmon

d3d9

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

ntdll

Sections

.text Size: - Virtual size: 300KB

.rdata Size: - Virtual size: 55KB

.data Size: - Virtual size: 135KB

.pdata Size: - Virtual size: 9KB

.`S< Size: - Virtual size: 15.9MB

.(Z= Size: 4KB - Virtual size: 3KB

.$Ki Size: 26.5MB - Virtual size: 26.5MB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 300KB

.rdata
Size: - Virtual size: 55KB

.data
Size: - Virtual size: 135KB

.pdata
Size: - Virtual size: 9KB

.`S<
Size: - Virtual size: 15.9MB

.(Z=
Size: 4KB - Virtual size: 3KB

.$Ki
Size: 26.5MB - Virtual size: 26.5MB

.rsrc
Size: 512B - Virtual size: 480B