ORBIT_LOADER[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ORBIT_LOADER.exe
Size

4.6MB
MD5

e56d052a03bc7caa9f708f861f865e9a
SHA1

a2dbc9d29615f5c9cb0cceabde0bc893ac2df572
SHA256

5bd0ec8f52cd94ee2a9540222e40659d58d58c6d14ae7dec378638953ee990cc
SHA512

622d8a979db23973c0b308267766c1f291a87d1eeffbbf7e32094a256f3e52f4d276c616e99af600db83561c52234c1db263e2d275b31b8c4b87ed15f2c5fc4a
SSDEEP

98304:9lHNWonGDHsFcWvl4/ZYc/oSc5GKnN9Y80qpCZsVv2OEIOmWEjx:9lssFcWvlOZbCXGqpCSVv2Rm1j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ORBIT_LOADER.exe

Files

ORBIT_LOADER.exe
.exe windows:6 windows x64 arch:x64

2123eafd5bbdc0471774164d11f95d8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA

advapi32

SetSecurityInfo

shell32

ShellExecuteA

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z

normaliz

IdnToAscii

wldap32

ord22

crypt32

CertFreeCertificateChainEngine

ws2_32

getpeername

rpcrt4

UuidToStringA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memmove

api-ms-win-crt-runtime-l1-1-0

_cexit

api-ms-win-crt-stdio-l1-1-0

fgets

api-ms-win-crt-heap-l1-1-0

realloc

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-filesystem-l1-1-0

_access

api-ms-win-crt-time-l1-1-0

_gmtime64

api-ms-win-crt-string-l1-1-0

strncpy

api-ms-win-crt-convert-l1-1-0

strtoull

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-math-l1-1-0

_dclass

Exports

Exports

?mGetExportedFunctionOffset@mProcessFunctions@@YAKAEBQEAUHINSTANCE__@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?mGetHandle@mProcessFunctions@@YAPEAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4ProcessAccess@1@@Z
?mGetModuleAddress@mProcessFunctions@@YA_KAEBQEAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?mGetModuleAddress@mProcessFunctions@@YA_KAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?mGetModuleBitness@mProcessFunctions@@YA?AW4Bitness@1@AEBQEAUHINSTANCE__@@@Z
?mGetModuleHandle@mProcessFunctions@@YAPEAUHINSTANCE__@@AEBQEAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?mGetModuleHandle@mProcessFunctions@@YAPEAUHINSTANCE__@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?mGetPID@mProcessFunctions@@YAKAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?mGetPatternAddress@mMemoryFunctions@@YAKPEBD0AEBQEAXQEAUHINSTANCE__@@@Z
?mInjectDLL@mMemoryFunctions@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?mReadMemory@mMemoryFunctions@@YAPEBXAEBQEAXAEB_K1@Z
?mReadMemory@mMemoryFunctions@@YAPEBXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEB_K1@Z
?mValidateHandle@mProcessFunctions@@YA_NAEAPEAX@Z
?mWriteMemory@mMemoryFunctions@@YA_NAEBQEAXAEB_KAEBQEBX1@Z
?mWriteMemory@mMemoryFunctions@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEB_KAEBQEBX1@Z

Sections

.text
Size: - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.=vp
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.zbu
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.0d>
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2123eafd5bbdc0471774164d11f95d8c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcp140

normaliz

wldap32

crypt32

ws2_32

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: - Virtual size: 513KB

.rdata Size: - Virtual size: 115KB

.data Size: - Virtual size: 6KB

.pdata Size: - Virtual size: 19KB

.=vp Size: - Virtual size: 2.9MB

.zbu Size: 5KB - Virtual size: 4KB

.0d> Size: 4.6MB - Virtual size: 4.6MB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 513KB

.rdata
Size: - Virtual size: 115KB

.data
Size: - Virtual size: 6KB

.pdata
Size: - Virtual size: 19KB

.=vp
Size: - Virtual size: 2.9MB

.zbu
Size: 5KB - Virtual size: 4KB

.0d>
Size: 4.6MB - Virtual size: 4.6MB

.rsrc
Size: 512B - Virtual size: 480B