WenzaLoader[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

WenzaLoader.exe
Size

162KB
MD5

f0aa749f97ef2c3950fa3f83eb0b3102
SHA1

b70af69e427d6a11c6cf3ce7d8e2ed8cbab84344
SHA256

784b327266287b279743aabc0ff0d484c6385c87efaddc59eec585ea4015be08
SHA512

8cddbe741a57de45e143bc577f242f1ee6fbd1d0cff4ed42a1a07b2d755ba0cdd4bdc335372efb6ab5a3258edc67f95665f5f63fc693012b2b3b86153a23cd73
SSDEEP

1536:jbAPWK8bBk5FGexaaAzFftngO2zpWJIv+w4NE5XYywmdZuJ99aDZ8qy5Wb:jbvKek5Ie6FlnQ0q+w4y5nuJnaDZ8f+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WenzaLoader.exe

Files

WenzaLoader.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Est\Desktop\wenza loader\CrossantLoaders\obj\x64\Release\WenzaLoader.pdb

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ