loader_final[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

loader_final.exe
Size

21.3MB
MD5

891e22d416c0b4c8831061463dab8f59
SHA1

be88bc2c9c6a1b6cfd44cd356f3415d02f3e5694
SHA256

c28ce3ac7ecbf4064c60b57c5895f9d0ae4f3c6d4321b5e3318f1446f3ea29a9
SHA512

ac4481e94237f75ac85770517daa9b75c2ba73f21b56477ab93283d9f3b230e8efa0bbc7d2ba79e61f843d4227dac98dc542d112090a183c3bb64cb6994623f9
SSDEEP

393216:MRDVuOqasLEc2INZIILSDN7iEw3/g6hHpSMJMoJsTLl/fZVXnLX:gZZsLu4SILCNBX6zDMoJsTJjLX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
loader_final.exe

Files

loader_final.exe
.exe windows:6 windows x64 arch:x64

d8b2390a679b227a7eef007a8908c984

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlCaptureContext

kernel32

SetLastError
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

ClientToScreen

advapi32

CryptReleaseContext

shell32

SHGetFolderPathW

ole32

CoUninitialize

msvcp140

?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z

ws2_32

WSASetLastError

crypt32

CertCloseStore

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

imm32

ImmGetContext

d3dcompiler_43

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

d3d11

D3D11CreateDeviceAndSwapChain

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception_context

api-ms-win-crt-runtime-l1-1-0

terminate

api-ms-win-crt-heap-l1-1-0

_set_new_mode

api-ms-win-crt-convert-l1-1-0

strtoul

api-ms-win-crt-string-l1-1-0

wcscat_s

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-filesystem-l1-1-0

_stat64i32

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 676KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 691KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.afamos1
Size: - Virtual size: 13.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.afamos1
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.afamos1
Size: 21.3MB - Virtual size: 21.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8b2390a679b227a7eef007a8908c984

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

advapi32

shell32

ole32

msvcp140

ws2_32

crypt32

d3dx11_43

imm32

d3dcompiler_43

dwmapi

d3d11

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: - Virtual size: 2.1MB

.rdata Size: - Virtual size: 676KB

.data Size: - Virtual size: 691KB

.pdata Size: - Virtual size: 83KB

.afamos1 Size: - Virtual size: 13.6MB

.afamos1 Size: 5KB - Virtual size: 5KB

.afamos1 Size: 21.3MB - Virtual size: 21.3MB

.reloc Size: 512B - Virtual size: 296B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 2.1MB

.rdata
Size: - Virtual size: 676KB

.data
Size: - Virtual size: 691KB

.pdata
Size: - Virtual size: 83KB

.afamos1
Size: - Virtual size: 13.6MB

.afamos1
Size: 5KB - Virtual size: 5KB

.afamos1
Size: 21.3MB - Virtual size: 21.3MB

.reloc
Size: 512B - Virtual size: 296B

.rsrc
Size: 512B - Virtual size: 480B