CR-Loader[.]exe | Triage

Sharing

General

Target

CR-Loader.exe
Size

426KB
MD5

0b1a664556b19bbbab7122c2fdfe7b27
SHA1

23d49e81a77fbc72fdb56f0c58135483868d3715
SHA256

6035b00e1ebd24c4bdca8933b61284252340ed1adb6b7d1d9cd59b7cd853c51d
SHA512

3bd287864b6dfe40e87eebae5ef2feb95eb5a33961f8d27e1d1f3408cde0690cc4d5879ce3d4df7d56620ab33bcba51cee14ebbdee7dd1a45c6293f766568811
SSDEEP

12288:P9w2+jhqLyib0G0s1Y0SIpXLATkA1vVhGFgU5rejlJwnM:P9wPjoL3t0s1YYOF1vegBr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CR-Loader.exe

Files

CR-Loader.exe
.exe windows:4 windows x64 arch:x64

Password: Power.2012

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.;jr
Size: - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nyq
Size: 420KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ