C:\Users\dev\Downloads\loader\x64\Release\loader.pdb
Static task
static1
1 signatures
General
-
Target
loader_2.exe
-
Size
5.1MB
-
MD5
54a3760aba5870e62506d1dcea3db4af
-
SHA1
4aaffe4b0cac751b5834d6a36242896d209a44ea
-
SHA256
a7095a86932b7d577b4c0c3d126fdbc73fdcf1a2a714530b547c4a212bda4b8f
-
SHA512
3dd8397fd601f03bbcad20894460879b117f3d3aa33e577ed23073838328c7f31891b6904de73800f254212745425a083345f691bd30bb5ea0a31169007f0b55
-
SSDEEP
49152:B6VwASO2GtlqTJIU6itcfhoPn6jiYuthdIw76YUOnsbJuVmvBtj/texel0hFzpFf:Fu+/7xLvsbTZ0hFzpFS1mz5i0zv7sc
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource loader_2.exe
Files
-
loader_2.exe.exe windows:6 windows x64 arch:x64
ed5bcb258a87e1912318266801d13dfd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
TerminateProcess
SetConsoleTitleA
QueryPerformanceCounter
WriteConsoleW
HeapSize
DeleteFileW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
SetEndOfFile
GetTimeZoneInformation
SetStdHandle
HeapReAlloc
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
GetConsoleOutputCP
GetModuleFileNameW
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
CreateThread
SetConsoleCtrlHandler
FreeLibrary
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
VerSetConditionMask
QueryPerformanceFrequency
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
IsDebuggerPresent
GetCurrentThread
OpenThread
SetThreadContext
VirtualFreeEx
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
K32GetModuleFileNameExA
SleepConditionVariableSRW
WakeAllConditionVariable
GetStringTypeW
GetCPInfo
CompareStringEx
LCMapStringEx
DecodePointer
EncodePointer
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesExW
FindFirstFileExW
GetCurrentDirectoryW
LocalFree
GetFileSizeEx
CreateFileW
VerifyVersionInfoW
SleepEx
WaitForMultipleObjects
PeekNamedPipe
ReadFile
ReadProcessMemory
VirtualAllocEx
GetThreadContext
LoadLibraryA
GetTickCount64
Sleep
GetModuleHandleA
ResumeThread
SuspendThread
Thread32First
Thread32Next
GetProcessId
WriteProcessMemory
IsWow64Process
CloseHandle
Process32Next
GetLastError
CreateToolhelp32Snapshot
K32EnumProcessModules
RtlCaptureContext
OpenProcess
GetProcAddress
GetCurrentProcess
Process32First
WideCharToMultiByte
AllocConsole
GetModuleHandleW
ExitProcess
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExW
GetSystemDirectoryW
CreateEventW
SetEvent
GetEnvironmentVariableW
RtlVirtualUnwind
GetStdHandle
GetFileType
WriteFile
SetLastError
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
VirtualFree
GetACP
GetSystemDirectoryA
FormatMessageA
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
GetExitCodeThread
CreateSemaphoreA
GetSystemTime
SystemTimeToFileTime
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
GetTickCount
InitializeCriticalSectionEx
RtlUnwind
user32
ReleaseDC
GetSystemMetrics
GetDC
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
SetCursorPos
IsIconic
ReleaseCapture
GetClientRect
SetWindowLongW
SetCursor
SetCapture
LoadCursorW
BringWindowToTop
SetFocus
SetLayeredWindowAttributes
TrackMouseEvent
IsChild
ClientToScreen
GetMonitorInfoW
GetCapture
ShowWindow
WindowFromPoint
RegisterClassExW
SetWindowTextW
UnregisterClassW
ScreenToClient
CreateWindowExW
EnumDisplayMonitors
MonitorFromWindow
SetWindowPos
DestroyWindow
GetKeyState
AdjustWindowRectEx
GetForegroundWindow
SetForegroundWindow
DefWindowProcW
GetWindowLongW
MessageBoxA
UpdateWindow
RegisterClassExA
PostQuitMessage
DispatchMessageA
GetMonitorInfoA
DefWindowProcA
CreateWindowExA
TranslateMessage
PeekMessageA
UnregisterClassA
gdi32
BitBlt
DeleteObject
DeleteDC
GetDIBits
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
advapi32
CryptGetProvParam
CryptAcquireContextW
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptDestroyKey
CryptSetHashParam
CryptEncrypt
CryptImportKey
CryptHashData
CryptGetHashParam
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
GetUserNameA
CryptReleaseContext
ole32
CoSetProxyBlanket
CoInitializeEx
CoCreateInstance
CoUninitialize
oleaut32
SysStringLen
SysAllocString
SysFreeString
VariantClear
d3d11
D3D11CreateDeviceAndSwapChain
ws2_32
gethostname
freeaddrinfo
htons
recv
connect
socket
send
inet_addr
WSAStartup
closesocket
WSACleanup
htonl
ioctlsocket
getsockname
getsockopt
ntohs
select
gethostbyname
WSAGetLastError
inet_ntoa
gethostbyaddr
getservbyport
getservbyname
WSASetLastError
accept
bind
listen
setsockopt
shutdown
getpeername
recvfrom
sendto
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
inet_pton
inet_ntop
WSAIoctl
__WSAFDIsSet
getaddrinfo
crypt32
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertOpenSystemStoreW
CertFreeCertificateChain
CryptStringToBinaryW
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFindCertificateInStore
iphlpapi
GetAdaptersInfo
imm32
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow
ImmAssociateContextEx
d3dcompiler_47
D3DCompile
bcrypt
BCryptGenRandom
Sections
.text Size: 3.7MB - Virtual size: 3.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 975KB - Virtual size: 974KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 176KB - Virtual size: 195KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 146KB - Virtual size: 146KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ