Static task
static1
General
Target
Loader.exe
Size
177KB
MD5
65d79f47e6d48aa1561dd33d8f4b8ee3
SHA1
1e50881497f47446a160859c7a23cf860d994102
SHA256
f5c3d2ece9386940181add35486bd56aac728cfcaf716258c9f31549b953ccfd
SHA512
25f7e0c55957fe3e1049e0812970b957a3e431c3b7d95d8eb6a11a35090567204ac7cf1ca65ee86cbecdb9f053286f5b7de74a8134d400ef13f320eaca990a29
SSDEEP
3072:qzMdUI9iMJmOWEb+twYEmZKZ1R84xq3W64j3g:oMviMJmOB+WYEEKZ1dIW63
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature; the file listed below has none, so the signature offers no publisher identity or tamper check.
resource Loader.exe
Files
Loader.exe.exe windows:6 windows x64 arch:x64
34a09df46476a2ebb6ce06b1f7081b45
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
VirtualProtect
GetCurrentProcess
VirtualAlloc
GetLastError
GetCurrentThread
LoadLibraryA
CloseHandle
GetThreadContext
GetProcAddress
LocalFree
ExitProcess
GetModuleHandleW
AllocConsole
IsDebuggerPresent
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
GetFileAttributesExW
AreFileApisANSI
GetFileInformationByHandleEx
InitializeSListHead
GetLocaleInfoEx
TerminateProcess
FormatMessageA
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
GetSystemTimeAsFileTime
GetCurrentThreadId
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
UnhandledExceptionFilter
RtlVirtualUnwind
SetUnhandledExceptionFilter
user32
FindWindowA
FindWindowW
ShowWindow
MessageBoxW
advapi32
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
shell32
SHGetPathFromIDListW
ShellExecuteW
SHGetSpecialFolderLocation
ole32
CoTaskMemFree
msvcp140
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
wininet
InternetOpenW
InternetCloseHandle
InternetOpenUrlW
InternetReadFile
urlmon
URLDownloadToFileW
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memset
_CxxThrowException
__C_specific_handler
__current_exception_context
__current_exception
wcsstr
__std_exception_copy
__std_exception_destroy
memcpy
memmove
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_initterm
_c_exit
_initialize_wide_environment
_configure_wide_argv
__p___wargv
__p___argc
_set_app_type
_initterm_e
_get_initial_wide_environment
_seh_filter_exe
abort
_exit
_cexit
_invalid_parameter_noinfo_noreturn
_crt_atexit
_register_onexit_function
_initialize_onexit_table
exit
terminate
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
api-ms-win-crt-heap-l1-1-0
free
_set_new_mode
malloc
_callnewh
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
___lc_codepage_func
api-ms-win-crt-math-l1-1-0
__setusermatherr
Sections
.text Size: 152KB - Virtual size: 151KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 192B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ