privateloader | tmp

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

8.1MB
MD5

e0867768cebfc3a3da7dbc74afa1db8a
SHA1

dbbd64db45d5e553e6c1aecf703076f53dce5713
SHA256

03db788cdb0fe7f36b5e0b9548ca7a6243fd1161012cf7181408e1c36b57454a
SHA512

2ad50966753915c4a7f0f2dc3869841367991569f9d384df0d47055615a886df999d1e00c3a95bab4a9a1fd1371344e010c0253b5d4333c70f46f978e5ee8ce7
SSDEEP

196608:NvuKM5Fca12xeZx2aNEDeB4IBQGCsIOkdcTNUWgtYF:N2K6Ultd0NetYF

Score

10^/10

privateloader

Malware Config

Signatures

Privateloader family
privateloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tmp

Files

tmp
.exe windows:5 windows x86 arch:x86

c9f97ff88b41724d0766742d9e44d47b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\TANAWANT-THONGPING-STUDIO\src\RSUpdate\Release\WarZlauncher.pdb

Imports

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx
D3DXCreateVolumeTextureFromFileInMemoryEx
D3DXCreateFontA
D3DXSaveSurfaceToFileA
D3DXGetImageInfoFromFileInMemory
D3DXCreateCubeTextureFromFileInMemoryEx
D3DXCreateTextureFromFileInMemory

d3d9

Direct3DCreate9

kernel32

GlobalUnlock
UpdateProcThreadAttribute
CreateProcessW
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapCreate
HeapReAlloc
GetConsoleMode
GetConsoleCP
FreeLibrary
DeleteCriticalSection
CreateFileW
GetFileSize
WriteFile
ReadFile
IsValidCodePage
GetCPInfo
GetFileTime
FormatMessageA
GetStdHandle
SetHandleCount
HeapSize
SetLastError
TlsFree
GetComputerNameA
GetOEMCP
TlsSetValue
TlsAlloc
TlsGetValue
LoadLibraryA
MultiByteToWideChar
GetModuleFileNameA
ExitProcess
GetModuleHandleW
CopyFileA
GlobalMemoryStatusEx
GetProcessHeap
GetFileType
GetDriveTypeA
FileTimeToLocalFileTime
GetACP
GetTickCount
GetLocalTime
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
CreateThread
GetCurrentThreadId
CreateFileA
GetFileAttributesA
CreateDirectoryA
FindFirstFileA
FindClose
SetFileAttributesW
CreateDirectoryW
GetProcAddress
GetVersionExA
WaitForSingleObject
TerminateThread
CloseHandle
EnterCriticalSection
LeaveCriticalSection
OpenEventA
RaiseException
GetStartupInfoA
GetCommandLineA
HeapFree
HeapAlloc
UnhandledExceptionFilter
ExitThread
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
ResumeThread
SetUnhandledExceptionFilter
GetCurrentProcessId
CreateToolhelp32Snapshot
Module32First
Module32Next
InterlockedDecrement
CreateFileMappingA
UnmapViewOfFile
MulDiv
DuplicateHandle
GetCurrentThread
TryEnterCriticalSection
InterlockedExchangeAdd
GetFileAttributesW
WakeConditionVariable
WakeAllConditionVariable
InitializeConditionVariable
SleepConditionVariableCS
lstrlenA
OpenFileMappingA
InitializeProcThreadAttributeList
VirtualProtect
WTSGetActiveConsoleSessionId
GlobalFree
SetFilePointer
DeleteFileW
MoveFileW
GetTempPathA
GetTempPathW
GetCurrentDirectoryW
GetFullPathNameW
LocalFree
GetLastError
InterlockedIncrement
InitializeCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
SetFileAttributesA
MoveFileA
DeleteFileA
SetConsoleTitleA
AllocConsole
Sleep
GlobalAlloc
SetEndOfFile
GlobalLock
GetCurrentProcess
TerminateProcess
GetCurrentDirectoryA
GetFullPathNameA
CreateEventA
SetEvent
OutputDebugStringA
GetSystemInfo
MapViewOfFile
InterlockedExchange
GetModuleHandleA
QueryPerformanceFrequency
QueryPerformanceCounter
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent

user32

ShowCursor
CreateWindowExA
GetActiveWindow
InvalidateRect
UpdateWindow
BeginPaint
EndPaint
SetClipboardViewer
ChangeClipboardChain
SetWindowPos
GetClientRect
ClientToScreen
PostQuitMessage
PeekMessageW
GetMessageW
SendMessageA
SetFocus
MessageBoxA
LoadIconA
LoadCursorA
LoadStringW
SetRect
AdjustWindowRect
GetWindowLongA
SwitchToThisWindow
GetAsyncKeyState
CloseClipboard
GetClipboardData
OpenClipboard
GetKeyState
GetFocus
GetCaretBlinkTime
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
ShowWindow
SetWindowTextA
SetWindowLongA
DefWindowProcA
SetCapture
GetWindowRect
GetCursorPos
ReleaseCapture
ClipCursor
RegisterClassA

gdi32

DeleteDC
GetDeviceCaps
CreateICA
GetStockObject
CreateFontA
CreateCompatibleDC
LineTo
MoveToEx
ExtTextOutA
CreatePen
SetMapMode
CreateDIBSection
SetTextAlign
SetBkColor
SetTextColor
DeleteObject
GetTextExtentPoint32A
SelectObject

advapi32

RegCloseKey
GetUserNameA
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptExportKey
CryptDestroyKey
CryptGetUserKey
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
CryptAcquireContextW
CryptGetProvParam
QueryServiceStatusEx
CryptEnumProvidersA

shell32

SHGetFolderPathA
ShellExecuteA

ole32

CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
VariantClear
SysStringLen

iphlpapi

GetAdaptersInfo
GetIpNetTable
SendARP
GetNetworkParams

dbghelp

MiniDumpWriteDump
MakeSureDirectoryPathExists

wtsapi32

WTSSendMessageA

ntdll

RtlImageNtHeader
RtlUnwind

ws2_32

shutdown
closesocket
sendto
recvfrom
recv
send
inet_ntoa
getsockopt
setsockopt
ioctlsocket
WSAGetLastError
socket
WSAStartup
ntohs
getsockname
gethostbyname
inet_addr
htons
connect
select
__WSAFDIsSet
bind

dinput8

DirectInput8Create

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertCreateCertificateContext
CertGetCertificateContextProperty
CryptDecodeObject
CertSetCertificateContextProperty
CertDuplicateCertificateContext
CertNameToStrW
CertFreeCertificateContext
CryptEncryptMessage
CertOpenStore
CertGetSubjectCertificateFromStore
CryptMsgControl
CryptMsgGetParam
CryptMsgClose
CryptMsgUpdate
CryptMsgOpenToDecode
CryptDecryptMessage
CryptEncodeObject

Exports

Exports

ZSTDMT_compressCCtx
ZSTDMT_compressStream
ZSTDMT_compressStream_generic
ZSTDMT_compress_advanced
ZSTDMT_createCCtx
ZSTDMT_createCCtx_advanced
ZSTDMT_endStream
ZSTDMT_flushStream
ZSTDMT_freeCCtx
ZSTDMT_getMTCtxParameter
ZSTDMT_initCStream
ZSTDMT_initCStream_advanced
ZSTDMT_initCStream_usingCDict
ZSTDMT_resetCStream
ZSTDMT_setMTCtxParameter
ZSTDMT_sizeof_CCtx
ZSTD_CCtxParam_getParameter
ZSTD_CCtxParam_setParameter
ZSTD_CCtxParams_init
ZSTD_CCtxParams_init_advanced
ZSTD_CCtxParams_reset
ZSTD_CCtx_getParameter
ZSTD_CCtx_loadDictionary
ZSTD_CCtx_loadDictionary_advanced
ZSTD_CCtx_loadDictionary_byReference
ZSTD_CCtx_refCDict
ZSTD_CCtx_refPrefix
ZSTD_CCtx_refPrefix_advanced
ZSTD_CCtx_reset
ZSTD_CCtx_resetParameters
ZSTD_CCtx_setParameter
ZSTD_CCtx_setParametersUsingCCtxParams
ZSTD_CCtx_setPledgedSrcSize
ZSTD_CStreamInSize
ZSTD_CStreamOutSize
ZSTD_DCtx_loadDictionary
ZSTD_DCtx_loadDictionary_advanced
ZSTD_DCtx_loadDictionary_byReference
ZSTD_DCtx_refDDict
ZSTD_DCtx_refPrefix
ZSTD_DCtx_refPrefix_advanced
ZSTD_DCtx_reset
ZSTD_DCtx_setFormat
ZSTD_DCtx_setMaxWindowSize
ZSTD_DStreamInSize
ZSTD_DStreamOutSize
ZSTD_adjustCParams
ZSTD_checkCParams
ZSTD_compress
ZSTD_compressBegin
ZSTD_compressBegin_advanced
ZSTD_compressBegin_usingCDict
ZSTD_compressBegin_usingCDict_advanced
ZSTD_compressBegin_usingDict
ZSTD_compressBlock
ZSTD_compressBound
ZSTD_compressCCtx
ZSTD_compressContinue
ZSTD_compressEnd
ZSTD_compressStream
ZSTD_compress_advanced
ZSTD_compress_generic
ZSTD_compress_generic_simpleArgs
ZSTD_compress_usingCDict
ZSTD_compress_usingCDict_advanced
ZSTD_compress_usingDict
ZSTD_copyCCtx
ZSTD_copyDCtx
ZSTD_createCCtx
ZSTD_createCCtxParams
ZSTD_createCCtx_advanced
ZSTD_createCDict
ZSTD_createCDict_advanced
ZSTD_createCDict_byReference
ZSTD_createCStream
ZSTD_createCStream_advanced
ZSTD_createDCtx
ZSTD_createDCtx_advanced
ZSTD_createDDict
ZSTD_createDDict_advanced
ZSTD_createDDict_byReference
ZSTD_createDStream
ZSTD_createDStream_advanced
ZSTD_decodingBufferSize_min
ZSTD_decompress
ZSTD_decompressBegin
ZSTD_decompressBegin_usingDDict
ZSTD_decompressBegin_usingDict
ZSTD_decompressBlock
ZSTD_decompressContinue
ZSTD_decompressDCtx
ZSTD_decompressStream
ZSTD_decompress_generic
ZSTD_decompress_generic_simpleArgs
ZSTD_decompress_usingDDict
ZSTD_decompress_usingDict
ZSTD_endStream
ZSTD_estimateCCtxSize
ZSTD_estimateCCtxSize_usingCCtxParams
ZSTD_estimateCCtxSize_usingCParams
ZSTD_estimateCDictSize
ZSTD_estimateCDictSize_advanced
ZSTD_estimateCStreamSize
ZSTD_estimateCStreamSize_usingCCtxParams
ZSTD_estimateCStreamSize_usingCParams
ZSTD_estimateDCtxSize
ZSTD_estimateDDictSize
ZSTD_estimateDStreamSize
ZSTD_estimateDStreamSize_fromFrame
ZSTD_findDecompressedSize
ZSTD_findFrameCompressedSize
ZSTD_flushStream
ZSTD_frameHeaderSize
ZSTD_freeCCtx
ZSTD_freeCCtxParams
ZSTD_freeCDict
ZSTD_freeCStream
ZSTD_freeDCtx
ZSTD_freeDDict
ZSTD_freeDStream
ZSTD_getBlockSize
ZSTD_getCParams
ZSTD_getDecompressedSize
ZSTD_getDictID_fromDDict
ZSTD_getDictID_fromDict
ZSTD_getDictID_fromFrame
ZSTD_getErrorCode
ZSTD_getErrorName
ZSTD_getErrorString
ZSTD_getFrameContentSize
ZSTD_getFrameHeader
ZSTD_getFrameHeader_advanced
ZSTD_getParams
ZSTD_initCStream
ZSTD_initCStream_advanced
ZSTD_initCStream_srcSize
ZSTD_initCStream_usingCDict
ZSTD_initCStream_usingCDict_advanced
ZSTD_initCStream_usingDict
ZSTD_initDStream
ZSTD_initDStream_usingDDict
ZSTD_initDStream_usingDict
ZSTD_initStaticCCtx
ZSTD_initStaticCDict
ZSTD_initStaticCStream
ZSTD_initStaticDCtx
ZSTD_initStaticDDict
ZSTD_initStaticDStream
ZSTD_insertBlock
ZSTD_isError
ZSTD_isFrame
ZSTD_maxCLevel
ZSTD_nextInputType
ZSTD_nextSrcSizeToDecompress
ZSTD_resetCStream
ZSTD_resetDStream
ZSTD_setDStreamParameter
ZSTD_sizeof_CCtx
ZSTD_sizeof_CDict
ZSTD_sizeof_CStream
ZSTD_sizeof_DCtx
ZSTD_sizeof_DDict
ZSTD_sizeof_DStream
ZSTD_versionNumber
ZSTD_versionString

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 793KB - Virtual size: 792KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9f97ff88b41724d0766742d9e44d47b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3dx9_43

d3d9

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

iphlpapi

dbghelp

wtsapi32

ntdll

ws2_32

dinput8

crypt32

Exports

Exports

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 793KB - Virtual size: 792KB

.data Size: 1.3MB - Virtual size: 2.0MB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 3.7MB - Virtual size: 3.7MB

.reloc Size: 176KB - Virtual size: 176KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 793KB - Virtual size: 792KB

.data
Size: 1.3MB - Virtual size: 2.0MB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

.reloc
Size: 176KB - Virtual size: 176KB