LoaderNEW[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

LoaderNEW.exe
Size

2.8MB
MD5

ecd025bcd0f6f78dfbbefa325fbe0a95
SHA1

3e6d5897e1ea4226e260a24f6fb4bed35ac855af
SHA256

fc571a0b5435f5ce1710345fa699a5d1af8ffd74b0ab0b96db6532a515c7981e
SHA512

f95755eb40632c5824a7f2b9fbd4104e090f3a45a43ed37f30f11f9fe95d65f93765080e3523893528bfc1f23a1138f001a557db17eb69fc83c9a7fe6f5b0c77
SSDEEP

49152:v9rrkauo2hf0g2Igg/81KrCA3oJ3FRVG82L3+xkcHtrj74kYH1b:1OoULN81KSROL30kaYkYt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
LoaderNEW.exe

Files

LoaderNEW.exe
.exe windows:6 windows x86 arch:x86

aba2109f725e5b3ee34ebcc61bea1aa2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\custom\project_sun\Release\project_sun.pdb

Imports

kernel32

GetModuleHandleA
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
Sleep
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
GetTickCount
OpenProcess
CreateThread
DecodePointer
FindNextFileA
FindFirstFileA
FindClose
DeleteFileA
CreateDirectoryA
FreeLibrary
LoadLibraryA
GetProcAddress
QueryPerformanceFrequency
QueryPerformanceCounter
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalLock
GlobalUnlock
WriteConsoleW
SetEndOfFile
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
GlobalAlloc
EnterCriticalSection
LeaveCriticalSection
LocalFree
EncodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
SetLastError
GetCurrentThread
GetThreadTimes
OutputDebugStringW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
InitializeCriticalSection
ResumeThread
CreateProcessW
GetExitCodeProcess
GetSystemInfo
VirtualAllocEx
VirtualFreeEx
GetModuleFileNameW
GetFileAttributesW
CreateActCtxW
WriteFile
GetTempPathW
CreateFileW
UnmapViewOfFile
DeleteFileW
GetTempFileNameW
CreateFileMappingW
ReleaseActCtx
MapViewOfFile
ActivateActCtx
GetEnvironmentVariableW
GetSystemDirectoryW
DeactivateActCtx
GetSystemWow64DirectoryW
Module32FirstW
GetCurrentDirectoryW
GetWindowsDirectoryW
WaitForSingleObject
DuplicateHandle
DeviceIoControl
Thread32Next
Thread32First
ReadFile
CreateNamedPipeW
TerminateThread
GetExitCodeThread
GetNativeSystemInfo
IsWow64Process
WriteProcessMemory
VirtualProtectEx
GetThreadContext
ReadProcessMemory
CreateRemoteThread
SetThreadContext
VirtualQueryEx
LoadLibraryW
SuspendThread
OpenThread
RtlUnwind
InterlockedPushEntrySList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetFileAttributesExW
MoveFileExW
HeapReAlloc
FindFirstFileExW
FindNextFileW
IsValidCodePage

user32

RegisterClassA
ShowWindow
GetSystemMetrics
DefWindowProcA
DispatchMessageA
wsprintfW
CreateWindowExA
SetLayeredWindowAttributes
TranslateMessage
LoadIconA
PeekMessageA
SetClipboardData
GetClipboardData
EmptyClipboard
IsChild
GetKeyState
GetCapture
SetCapture
ReleaseCapture
GetForegroundWindow
GetClientRect
UpdateWindow
CloseClipboard
SetCursorPos
GetWindowThreadProcessId
OpenClipboard
DestroyWindow
EnumWindows
GetDesktopWindow
MessageBoxA
GetWindowRect
GetWindowTextA
MoveWindow
IsWindow
UnregisterClassA
PostQuitMessage
LoadCursorA
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
GetDC

gdi32

ChoosePixelFormat
CreateSolidBrush
SwapBuffers
SetPixelFormat

shell32

ShellExecuteA

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

wininet

InternetOpenW
DeleteUrlCacheEntry

urlmon

URLDownloadToFileA

dwmapi

DwmGetColorizationColor
DwmExtendFrameIntoClientArea
DwmEnableBlurBehindWindow

winmm

timeGetTime

opengl32

glTexImage2D
glGetIntegerv
glGenTextures
wglMakeCurrent
glLoadIdentity
wglCreateContext
glMatrixMode
glBindTexture
glTexParameteri

ole32

CoCreateInstance
CoInitialize
CoUninitialize

glu32

gluOrtho2D

advapi32

RegCreateKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyExW
RegEnumValueW
RegOpenKeyW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
RegSetValueExW
OpenThreadToken

shlwapi

SHDeleteKeyW

Exports

Exports

??0Assembler@asmjit@@QAE@PAURuntime@1@@Z
??0CodeGen@asmjit@@QAE@PAURuntime@1@@Z
??0HostRuntime@asmjit@@QAE@XZ
??0JitRuntime@asmjit@@QAE@XZ
??0Runtime@asmjit@@QAE@XZ
??0StaticRuntime@asmjit@@QAE@PAXI@Z
??0VMemMgr@asmjit@@QAE@PAX@Z
??0X86Assembler@asmjit@@QAE@PAURuntime@1@I@Z
??0Zone@asmjit@@QAE@I@Z
??1Assembler@asmjit@@UAE@XZ
??1CodeGen@asmjit@@UAE@XZ
??1HostRuntime@asmjit@@UAE@XZ
??1JitRuntime@asmjit@@UAE@XZ
??1Runtime@asmjit@@UAE@XZ
??1StaticRuntime@asmjit@@UAE@XZ
??1VMemMgr@asmjit@@QAE@XZ
??1X86Assembler@asmjit@@UAE@XZ
??1Zone@asmjit@@QAE@XZ
??_FVMemMgr@asmjit@@QAEXXZ
?_alloc@Zone@asmjit@@QAEPAXI@Z
?_emit@X86Assembler@asmjit@@UAEIIABUOperand@2@000@Z
?_grow@Assembler@asmjit@@QAEII@Z
?_grow@PodVectorBase@asmjit@@IAEIII@Z
?_newLabel@Assembler@asmjit@@QAEIPAULabel@2@@Z
?_newLabelLink@Assembler@asmjit@@QAEPAULabelLink@2@XZ
?_nullData@PodVectorBase@asmjit@@2UPodVectorData@2@B
?_registerIndexedLabels@Assembler@asmjit@@QAEII@Z
?_relocCode@X86Assembler@asmjit@@UBEIPAX_K@Z
?_reserve@Assembler@asmjit@@QAEII@Z
?_reserve@PodVectorBase@asmjit@@IAEIII@Z
?_x86CondToCmovcc@asmjit@@3QBIB
?_x86CondToJcc@asmjit@@3QBIB
?_x86CondToSetcc@asmjit@@3QBIB
?_x86InstExtendedInfo@asmjit@@3QBUX86InstExtendedInfo@1@B
?_x86InstInfo@asmjit@@3QBUX86InstInfo@1@B
?_x86ReverseCond@asmjit@@3QBIB
?add@JitRuntime@asmjit@@UAEIPAPAXPAUAssembler@2@@Z
?add@StaticRuntime@asmjit@@UAEIPAPAXPAUAssembler@2@@Z
?align@X86Assembler@asmjit@@UAEIII@Z
?alloc@VMemMgr@asmjit@@QAEPAXII@Z
?alloc@VMemUtil@asmjit@@SAPAXIPAII@Z
?allocProcessMemory@VMemUtil@asmjit@@SAPAXPAXIPAII@Z
?allocZeroed@Zone@asmjit@@QAEPAXI@Z
?bind@Assembler@asmjit@@UAEIABULabel@2@@Z
?callCpuId@X86CpuUtil@asmjit@@SAXIIPATX86CpuId@2@@Z
?detect@X86CpuUtil@asmjit@@SAXPAUX86CpuInfo@2@@Z
?detectHwThreadsCount@CpuInfo@asmjit@@SAIXZ
?dup@Zone@asmjit@@QAEPAXPBXI@Z
?embed@Assembler@asmjit@@UAEIPBXI@Z
?embedLabel@X86Assembler@asmjit@@QAEIABULabel@2@@Z
?emit@Assembler@asmjit@@QAEII@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@00@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@00H@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@00_K@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@0@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@0H@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@0_K@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@H@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@_K@Z
?emit@Assembler@asmjit@@QAEIIH@Z
?emit@Assembler@asmjit@@QAEII_K@Z
?flush@HostRuntime@asmjit@@UAEXPAXI@Z
?getCpuInfo@HostRuntime@asmjit@@UAEPBUCpuInfo@2@XZ
?getHost@CpuInfo@asmjit@@SAPBU12@XZ
?getPageGranularity@VMemUtil@asmjit@@SAIXZ
?getPageSize@VMemUtil@asmjit@@SAIXZ
?getStackAlignment@HostRuntime@asmjit@@UAEIXZ
?make@Assembler@asmjit@@UAEPAXXZ
?noOperand@asmjit@@3UOperand@1@B
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KABUX86Reg@2@IHI@Z
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KHI@Z
?release@JitRuntime@asmjit@@UAEIPAX@Z
?release@StaticRuntime@asmjit@@UAEIPAX@Z
?release@VMemMgr@asmjit@@QAEIPAX@Z
?release@VMemUtil@asmjit@@SAIPAXI@Z
?releaseProcessMemory@VMemUtil@asmjit@@SAIPAX0I@Z
?relocCode@Assembler@asmjit@@QBEIPAX_K@Z
?reset@Assembler@asmjit@@QAEX_N@Z
?reset@PodVectorBase@asmjit@@QAEX_N@Z
?reset@VMemMgr@asmjit@@QAEXXZ
?reset@Zone@asmjit@@QAEX_N@Z
?sdup@Zone@asmjit@@QAEPADPBD@Z
?setArch@X86Assembler@asmjit@@QAEII@Z
?setError@CodeGen@asmjit@@QAEIIPBD@Z
?setErrorHandler@CodeGen@asmjit@@QAEIPAUErrorHandler@2@@Z
?sformat@Zone@asmjit@@QAAPADPBDZZ
?shrink@VMemMgr@asmjit@@QAEIPAXI@Z
?x86RegData@asmjit@@3UX86RegData@1@B

Sections

.text
Size: 1024KB - Virtual size: 1023KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 275KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aba2109f725e5b3ee34ebcc61bea1aa2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

imm32

wininet

urlmon

dwmapi

winmm

opengl32

ole32

glu32

advapi32

shlwapi

Exports

Exports

Sections

.text Size: 1024KB - Virtual size: 1023KB

.rdata Size: 275KB - Virtual size: 275KB

.data Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 37KB - Virtual size: 37KB

.text
Size: 1024KB - Virtual size: 1023KB

.rdata
Size: 275KB - Virtual size: 275KB

.data
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 37KB - Virtual size: 37KB