ldr_b17zW5I[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ldr_b17zW5I.exe
Size

13.1MB
MD5

9f835ae0a98370c3f4677c9e6623a1c9
SHA1

49af270fb5d0322d96be88d90be2ede10e8663c9
SHA256

4cd55194a056eef2d3caa6dd414bc163138236c8be3bce26b6681622a1a7ef75
SHA512

5bf8d25c630467321dbaa1f946cfae37c9d2474eb03d7a275c84c9d075e6cb46fe2078e4fe1329ad78b1ef181c232483024919bd88a0a50c6023edcf23c72679
SSDEEP

196608:g3Dnr4gyh+fwPCbGvD73I9dVCxuGQDwI4jY1keiWJyFG+Wg5P0NbATCj/p0LG+A:g3z0IIPC6vHMVgSz4k1ke3e8liCrUG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ldr_b17zW5I.exe

Files

ldr_b17zW5I.exe
.exe windows:6 windows x64 arch:x64

e80b15ed86547869dcaa7e5d7b62f5c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

iphlpapi

SendARP

gdiplus

GdipCreateBitmapFromHBITMAP

kernel32

GetVersion
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

GetSystemMetricsForDpi

gdi32

SelectObject

advapi32

RegDeleteValueW

shell32

SHGetFolderPathW

ole32

GetHGlobalFromStream

ntdll

RtlVirtualUnwind

ws2_32

select

dbghelp

SymLoadModuleExW

crypt32

CertAddCertificateContextToStore

bcrypt

BCryptGenRandom

Sections

.text
Size: - Virtual size: 1006KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 438KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.0y_
Size: - Virtual size: 7.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

./-0
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.x71
Size: 13.1MB - Virtual size: 13.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e80b15ed86547869dcaa7e5d7b62f5c0

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

ntdll

ws2_32

dbghelp

crypt32

bcrypt

Sections

.text Size: - Virtual size: 1006KB

.rdata Size: - Virtual size: 438KB

.data Size: - Virtual size: 56KB

.pdata Size: - Virtual size: 47KB

_RDATA Size: - Virtual size: 500B

.0y_ Size: - Virtual size: 7.6MB

./-0 Size: 4KB - Virtual size: 4KB

.x71 Size: 13.1MB - Virtual size: 13.1MB

.reloc Size: 512B - Virtual size: 56B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 1006KB

.rdata
Size: - Virtual size: 438KB

.data
Size: - Virtual size: 56KB

.pdata
Size: - Virtual size: 47KB

_RDATA
Size: - Virtual size: 500B

.0y_
Size: - Virtual size: 7.6MB

./-0
Size: 4KB - Virtual size: 4KB

.x71
Size: 13.1MB - Virtual size: 13.1MB

.reloc
Size: 512B - Virtual size: 56B

.rsrc
Size: 512B - Virtual size: 480B