loader[.]exe | Triage

Resubmissions

15/04/2024, 23:49

240415-3vbcasde9w 6

15/04/2024, 23:46

240415-3smmjsbf25 6

Sharing

Copy URL Twitter E-mail

General

Target

loader.exe
Size

5.1MB
MD5

acddbe27babc4fe65a3f3741f2fc0e73
SHA1

420818aea699cf667b3fe7f71c8bb5eb40655403
SHA256

8f5a01fee6105b17919e644acf7e024fbec046726e2bcc38bc1d41d47a0d8c38
SHA512

eaf84cda50f689b89d85dbbf54637de1aa2b3921dbcc967d1f8c83dc31f56d4b561ef9d99c4f38cb8c077d87862f060f77129b1e0ffc784a9aeaebfc91f5d0a1
SSDEEP

49152:B6VwASO2GtlqTJIU6itcfhoPn6WiYuthdIw76YUOnsbJuVmvBtj/texel0hFzpFf:Fu+/KxLvsbTZ0hFzpFS1mz5i0zv7sc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
loader.exe

Files

loader.exe
.exe windows:6 windows x64 arch:x64

ed5bcb258a87e1912318266801d13dfd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\dev\Downloads\loader\x64\Release\loader.pdb

Imports

kernel32

TerminateProcess
SetConsoleTitleA
QueryPerformanceCounter
WriteConsoleW
HeapSize
DeleteFileW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
SetEndOfFile
GetTimeZoneInformation
SetStdHandle
HeapReAlloc
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
GetConsoleOutputCP
GetModuleFileNameW
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
CreateThread
SetConsoleCtrlHandler
FreeLibrary
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
VerSetConditionMask
QueryPerformanceFrequency
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
IsDebuggerPresent
GetCurrentThread
OpenThread
SetThreadContext
VirtualFreeEx
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
K32GetModuleFileNameExA
SleepConditionVariableSRW
WakeAllConditionVariable
GetStringTypeW
GetCPInfo
CompareStringEx
LCMapStringEx
DecodePointer
EncodePointer
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesExW
FindFirstFileExW
GetCurrentDirectoryW
LocalFree
GetFileSizeEx
CreateFileW
VerifyVersionInfoW
SleepEx
WaitForMultipleObjects
PeekNamedPipe
ReadFile
ReadProcessMemory
VirtualAllocEx
GetThreadContext
LoadLibraryA
GetTickCount64
Sleep
GetModuleHandleA
ResumeThread
SuspendThread
Thread32First
Thread32Next
GetProcessId
WriteProcessMemory
IsWow64Process
CloseHandle
Process32Next
GetLastError
CreateToolhelp32Snapshot
K32EnumProcessModules
RtlCaptureContext
OpenProcess
GetProcAddress
GetCurrentProcess
Process32First
WideCharToMultiByte
AllocConsole
GetModuleHandleW
ExitProcess
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExW
GetSystemDirectoryW
CreateEventW
SetEvent
GetEnvironmentVariableW
RtlVirtualUnwind
GetStdHandle
GetFileType
WriteFile
SetLastError
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
VirtualFree
GetACP
GetSystemDirectoryA
FormatMessageA
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
GetExitCodeThread
CreateSemaphoreA
GetSystemTime
SystemTimeToFileTime
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
GetTickCount
InitializeCriticalSectionEx
RtlUnwind

user32

ReleaseDC
GetSystemMetrics
GetDC
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
SetCursorPos
IsIconic
ReleaseCapture
GetClientRect
SetWindowLongW
SetCursor
SetCapture
LoadCursorW
BringWindowToTop
SetFocus
SetLayeredWindowAttributes
TrackMouseEvent
IsChild
ClientToScreen
GetMonitorInfoW
GetCapture
ShowWindow
WindowFromPoint
RegisterClassExW
SetWindowTextW
UnregisterClassW
ScreenToClient
CreateWindowExW
EnumDisplayMonitors
MonitorFromWindow
SetWindowPos
DestroyWindow
GetKeyState
AdjustWindowRectEx
GetForegroundWindow
SetForegroundWindow
DefWindowProcW
GetWindowLongW
MessageBoxA
UpdateWindow
RegisterClassExA
PostQuitMessage
DispatchMessageA
GetMonitorInfoA
DefWindowProcA
CreateWindowExA
TranslateMessage
PeekMessageA
UnregisterClassA

gdi32

BitBlt
DeleteObject
DeleteDC
GetDIBits
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
GetDeviceCaps

advapi32

CryptGetProvParam
CryptAcquireContextW
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptDestroyKey
CryptSetHashParam
CryptEncrypt
CryptImportKey
CryptHashData
CryptGetHashParam
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
GetUserNameA
CryptReleaseContext

ole32

CoSetProxyBlanket
CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysStringLen
SysAllocString
SysFreeString
VariantClear

d3d11

D3D11CreateDeviceAndSwapChain

ws2_32

gethostname
freeaddrinfo
htons
recv
connect
socket
send
inet_addr
WSAStartup
closesocket
WSACleanup
htonl
ioctlsocket
getsockname
getsockopt
ntohs
select
gethostbyname
WSAGetLastError
inet_ntoa
gethostbyaddr
getservbyport
getservbyname
WSASetLastError
accept
bind
listen
setsockopt
shutdown
getpeername
recvfrom
sendto
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
inet_pton
inet_ntop
WSAIoctl
__WSAFDIsSet
getaddrinfo

crypt32

CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertOpenSystemStoreW
CertFreeCertificateChain
CryptStringToBinaryW
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFindCertificateInStore

iphlpapi

GetAdaptersInfo

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow
ImmAssociateContextEx

d3dcompiler_47

D3DCompile

bcrypt

BCryptGenRandom

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 975KB - Virtual size: 974KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 176KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

ed5bcb258a87e1912318266801d13dfd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

d3d11

ws2_32

crypt32

iphlpapi

imm32

d3dcompiler_47

bcrypt

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.rdata Size: 975KB - Virtual size: 974KB

.data Size: 176KB - Virtual size: 195KB

.pdata Size: 146KB - Virtual size: 146KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 41KB - Virtual size: 41KB

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 975KB - Virtual size: 974KB

.data
Size: 176KB - Virtual size: 195KB

.pdata
Size: 146KB - Virtual size: 146KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 41KB - Virtual size: 41KB