General
-
Target
dragonx-loader.exe
-
Size
6.3MB
-
MD5
a14415d6945d05498707e7e1c4d54608
-
SHA1
b3b1d7f80a99fdb885ca9da63f73ba13b3e0a705
-
SHA256
b4136bbf371d09d017e17924acfbf44e3eefc24ec61167b9f0792692c56f7f13
-
SHA512
922d7354d0ea3c376934a9d59f78ed9c1bc8079ea1d746601dfdbf563e42a97bad2c234b182886d0011225f7b438c5c607fc58d2fef440fff823c52c2fbe0e08
-
SSDEEP
196608:fMebMvBGqlwoIEGbZN8x+Zs3U02mnB6pii:Uegp/llIEGps3Uyz
Malware Config
Signatures
-
resource yara_rule sample vmprotect -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource dragonx-loader.exe
Files
-
dragonx-loader.exe.exe windows:6 windows x64 arch:x64
26aebe5757ed28b82be0d902e9d888eb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
d3d11
D3D11CreateDeviceAndSwapChain
d3dcompiler_43
D3DCompile
kernel32
AcquireSRWLockExclusive
FlsSetValue
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
GetClipboardData
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW
advapi32
GetLengthSid
imm32
ImmReleaseContext
msvcp140
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
dwmapi
DwmExtendFrameIntoClientArea
urlmon
URLDownloadToFileW
d3dx11_43
D3DX11CreateShaderResourceViewFromMemory
normaliz
IdnToAscii
wldap32
ord200
crypt32
CertCloseStore
ws2_32
__WSAFDIsSet
rpcrt4
UuidToStringA
psapi
GetModuleInformation
userenv
UnloadUserProfile
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__C_specific_handler
api-ms-win-crt-stdio-l1-1-0
__acrt_iob_func
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-string-l1-1-0
_strdup
api-ms-win-crt-heap-l1-1-0
realloc
api-ms-win-crt-runtime-l1-1-0
_beginthreadex
api-ms-win-crt-convert-l1-1-0
strtoul
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-time-l1-1-0
_localtime64_s
api-ms-win-crt-filesystem-l1-1-0
_lock_file
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
shell32
ShellExecuteA
wtsapi32
WTSSendMessageW
Sections
.text Size: - Virtual size: 817KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 199KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: - Virtual size: 3.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 6.3MB - Virtual size: 6.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 469B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ