loader_2[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

loader_2.exe
Size

15.8MB
MD5

f9ad8a7c92d0921a26e24f29930d6a5a
SHA1

3b9435006ebb4e19cea30409386e0a5cdabf77c2
SHA256

7e7a07eb82913a55b139630604f80586c414be285ed0e588e72f50815ab07ea4
SHA512

3e7accb79af061a1895049f069877c6d30a2da7be5700bbf44b0ed2259fa689dbdf25c9a5c498414b10409fc744caebde3d5f5bd011227ebc38148486feff6fe
SSDEEP

393216:YVEe/6F7EkUN3GBYzInRdGlSohPvdHbEuHL23HYQKCI:X261YWqwG4SXd7E4iIdCI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

loader_2.exe

resource
loader_2.exe

Files

loader_2.exe
.exe windows:6 windows x64 arch:x64

233a021425995d0b01b672a5f87ccb11

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

iphlpapi

GetAdaptersAddresses

cfgmgr32

CM_Reenumerate_DevNode

httpapi

HttpReceiveRequestEntityBody

kernel32

Process32NextW
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetWindowThreadProcessId
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegCloseKey

ole32

CoInitializeEx

oleaut32

SysAllocString

ntdll

RtlVirtualUnwind

shlwapi

SHDeleteValueW

wininet

InternetCheckConnectionW

dxgi

CreateDXGIFactory

setupapi

SetupDiDestroyDeviceInfoList

winhttp

WinHttpSetCredentials

bcrypt

BCryptGetProperty

crypt32

CertFreeCertificateContext

wtsapi32

WTSSendMessageW

Exports

Exports

"��v �}%��Vؽ�� WM�B��ޚK�5q\��;��T�� B�}%J� ��>{��:��uQ L�|��H�;��N�χ9z��L�I�[��B�A��ك��j��6��<{�>p�/��QR ��҄��1��(p�Tr0��$�� A��eV�#0��D��VU[�Tf>�^��E;�w��s�/&�ht� y��W��k��V�v=Z� (�@"s�3AUt~�zL��W�>��VSf�X��TU��:�!q�� !�׈�'�Rс��P_�=�M �2p2�0��?�+DO�GN(ˊ�][xA�=��F��;��,TʋAI�CѩR\�E�Ss��}�Y�+aQ��!�6_��Ї� %D[��k�1V�:t�L�3��\U�E�Ҝ kq.n`m�ۦ%��D��j�8f�K�n�I�^�?��C��$��}�Ql��%��[�uX߬ �u�SA� ��Ot�@h��Z&�?�.��m,l�>�ss�x&� ��918�A �t$�TGc�"�$9�.�[�qd��x��놢~@�ׯH.qq�>r��a$j�>�Bk��l�F��I��!��J�6��Ԗ�ɑ�M�'�'��q&��e�P��=�s]�3.��=ĭ�+�8=fra�Jm� ��\~Ob��z�sp��o��4� \�X�=��/)�yy;��/6 ��)�Ҡِ'*s�|�N�8�wt(�yI�FZA��w�IB�=NKQ��>�/c��L��U�X]7�GJ'��f꾲�^xs��>�� F}�85Y��:�`�d�ve��7:��"��ns\sC3�v�|�Fn�H�@:��O��5P>+)x��Q��6\�"�{�=%�T��t�7��z��G�q6!$��B^�5��?ۄ�Mf��Lբ�KvkV_/�L�(�*��.Ym 1�KGjVy_}�4�{��2f#x��$��A�.J�vځe}D��.�R��S�Ƒ�J��П+��LveNQ>D�=Qpѹ4�� 'ґK�1��,�NPqJ�r��9b��8Ӳ,I7��K��E�@��h=�-��_��{zG�M� ��dd+�[�P��ZRS;H�yz��1Z�ޮ%IY@e�a%�u1��dQ�[��WiN��r�oCh��T�<L{SV+��k� ��aZ�%nET(��N!��E{��9o�~|�:��_�cZ�M_��u��;��2��6��ՊPiJhi��$��&"1�+f�� M�W�µ�k� ��G�q��c+A��s�`�ni�D��¿�Z��&��)�k� 1��c��L�n�s��)ꮼ�~n��D��V��+�ya��!a��n��ҒHQ̏�~i7�,�P�֤�Ʈ�\ڦ��O�� sN�֡��|K�M��b��h��|��ޣ��5�~�e��*d�<��%P`�X��lNгh�lC��xg�%GU/��C��'�g␯p��w��D��b��x��۝�]�=d�k#�m��QB�W�:'�!!)*�ˢ�_�M�2Ƞk`N�a�1�r��n� �"��ev��2��;DK.>�"�_*ә��毺��F�o��$�*��Z޵�{u��*��>�5HQ��}�pAb�F��Q��R.|c�U�n�t�fա7�Ƅ�,�]֥on��mp(��O�||�=8�/��o��.��MT0��J�~��|��CJ��/R�ú~3��1Bî�F�2O.f�Ѣ��OmOY��}$�"�l��8�U��f��W�?��r�L.��Q�3UQǣ�o��N��M_�u~��}��J�hA5�_��C�"�S^j HaӴPO ��W�ZO��0�pH�/� ��xRتt�14V#��Z�JVJ��[�#Y��$RX�U�rO�9$��0��SL*Z�n�s(�O�0��P��t�4Z�2�vۭ��0p�d�fU�՜��Y�ͅ|Տ�N�%�(Ť��=�L� c~��[��)|)��vk�\C�� 6�W,�l�>󤈔��s\�/Q5[J�M�'! ��Q�ģڎ��|\��W1��B��c��g�pWw�Ѭ<��^V-p��K�|�V��v�/�]sD�"�)�|��~f�U�ə�e�c~�-"�J��H|A3��|׏��Km��((i��U�H�O��o]]ږ�+Y ��k��]JD(��&4��N`��4��1@��1�lw,[e��f��{�RV� ��D�b�D��NN�zD[��{��I��VL?ڌ��q� aٲ0v7�$�t�Y?P�{�GX�`�Ƶ��Xh7=�"��K�� 8-)�/��,�D#��7�u\��D R}NaT�X��_�S��Z��*+ŕ�b5�W��T��?�R�s�5޷��XV��٦�q'�f��nE��a"��@@ %��"M>��#�T�M �O��Y��Q��>ׄfE5�L��xS�.O+8�_��䯂��b,�-�r��q2pQPVĚob�0&�u��D��&*'�b�� a�pW��1V��A[��7��֎�@�)�%7M��s3C6X `F�Wޑ��E��ɺ��KP5�4��YF*,��^Jf�I��TK��Mhp�_�ƠNJ_}qȋ|��P��_�ʣ܃��h��}s5�?�x�m��9J�mtǥ�3+�R��p�y��~sh�VvN$��=�4>��W**� �Ey��10��kM�~��c��,_M��"��f��iO1��-�w��J�8/�>��#�'pA*�l��m�ٓ�f��y�aq�Yw��]�=�\�\��z�{ޒ ��)4xL5,B%��ۂi�W�H��{1ny(*�{�F�U��ݮ��k{�rI

Sections

.text
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 36.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vtext0
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vtext1
Size: 15.8MB - Virtual size: 15.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

233a021425995d0b01b672a5f87ccb11

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

cfgmgr32

httpapi

kernel32

user32

advapi32

ole32

oleaut32

ntdll

shlwapi

wininet

dxgi

setupapi

winhttp

bcrypt

crypt32

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 1.2MB

.rdata Size: - Virtual size: 316KB

.data Size: - Virtual size: 36.1MB

.pdata Size: - Virtual size: 49KB

_RDATA Size: - Virtual size: 244B

.vtext0 Size: - Virtual size: 3.5MB

.vtext1 Size: 15.8MB - Virtual size: 15.8MB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 1.2MB

.rdata
Size: - Virtual size: 316KB

.data
Size: - Virtual size: 36.1MB

.pdata
Size: - Virtual size: 49KB

_RDATA
Size: - Virtual size: 244B

.vtext0
Size: - Virtual size: 3.5MB

.vtext1
Size: 15.8MB - Virtual size: 15.8MB

.rsrc
Size: 512B - Virtual size: 480B