Loader[15 24 28][.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Loader[15 24 28].zip
Size

688KB
MD5

5827b9324b4588496f329bb6eb299a3e
SHA1

a2800a2654c466d0fad79ec221f15ba365392904
SHA256

a2def8b8236406e5a8cda1bbf58be8304c01fa0534b4c2668712aadea84b4acd
SHA512

a35bdb49cdf3c5ea7895488adfbd0b787f361df82302ffdbf6ce727cd60865687fc3703beb85507c6a43e19ffeda0281dfef7355f604ba700844a806cbf58fef
SSDEEP

12288:w5hwgi/VQ35wP+N63H1kPan2+jl2CyMVrjZRLq1Ts+8SVBhAwFZvyMibb3Hs+9J2:wXwREN63VkG2LhMVrdFuTeSVnHZa7bX6

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Loader.exe
unpack001/libcurl.dll

Files

Loader[15 24 28].zip
.zip
Loader.exe
.exe windows:6 windows x64 arch:x64

75b42ab10709020171a421999d0b3da8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Source\LunoLoader\x64\Release\Loader.pdb

Imports

libcurl

curl_easy_init
curl_easy_perform
curl_easy_cleanup
curl_easy_setopt

ole32

CoInitialize
CoCreateInstance
CoUninitialize

kernel32

GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CloseHandle
FreeConsole
SetFileAttributesA
GetModuleHandleW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
GetSystemTimeAsFileTime
EnterCriticalSection
GetCurrentProcess
LeaveCriticalSection
InitializeCriticalSection
ResumeThread
GetSystemInfo
VirtualAllocEx
VirtualFreeEx
GetModuleFileNameW
GetFileAttributesW
LocalFree
CreateActCtxW
WriteFile
GetTempPathW
CreateFileW
UnmapViewOfFile
DeleteFileW
GetTempFileNameW
CreateFileMappingW
ReleaseActCtx
MapViewOfFile
ActivateActCtx
GetEnvironmentVariableW
GetSystemDirectoryW
DeactivateActCtx
GetSystemWow64DirectoryW
Module32FirstW
GetCurrentDirectoryW
GetWindowsDirectoryW
GetNativeSystemInfo
WaitForSingleObject
DuplicateHandle
GetCurrentThread
ResetEvent
GetTickCount
DeviceIoControl
Thread32Next
Thread32First
GetCurrentThreadId
GetCurrentProcessId
ReadFile
CreateNamedPipeW
TerminateThread
CreateThread
MultiByteToWideChar
GetExitCodeThread
Sleep
IsWow64Process
WriteProcessMemory
VirtualProtectEx
GetThreadContext
ReadProcessMemory
CreateRemoteThread
SetThreadContext
VirtualQueryEx
LoadLibraryW
SuspendThread
GetThreadTimes
OpenThread
GetACP
IsValidCodePage
HeapSize
HeapReAlloc
GetFileSizeEx
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapAlloc
GetFileType
ReadConsoleW
GetConsoleMode
SetFilePointerEx
HeapFree
GetCommandLineW
GetCommandLineA
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
QueryPerformanceCounter
FreeLibrary
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
DeleteCriticalSection
DecodePointer
GetLastError
InitializeCriticalSectionEx
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
InitializeCriticalSectionAndSpinCount
SetLastError
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
SetStdHandle
WriteConsoleW
SetEndOfFile
UnhandledExceptionFilter
RtlVirtualUnwind
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
FormatMessageA
GetLocaleInfoEx
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
AreFileApisANSI
GetFileInformationByHandleEx
GetStringTypeW
EncodePointer
LCMapStringEx
WakeAllConditionVariable
SleepConditionVariableSRW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry

user32

ReleaseCapture
UnregisterClassW
SetCursorPos
GetCursorPos
wsprintfW
GetWindowLongW
DefWindowProcW
SetWindowPos
MessageBoxW
CreateWindowExW
RegisterClassExW
ShowWindow
DispatchMessageW
PeekMessageW
TranslateMessage
SetWindowLongW
PostQuitMessage
UpdateWindow
OpenClipboard
CloseClipboard
EmptyClipboard
GetClientRect
SetClipboardData
GetKeyState
ScreenToClient
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
GetClipboardData

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyExW
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExW
RegCreateKeyW
RegEnumValueW

shell32

ShellExecuteA

oleaut32

SysFreeString

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx

shlwapi

SHDeleteKeyW

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

urlmon

URLDownloadToFileA

Exports

Exports

??0Assembler@asmjit@@QEAA@PEAURuntime@1@@Z
??0CodeGen@asmjit@@QEAA@PEAURuntime@1@@Z
??0HostRuntime@asmjit@@QEAA@XZ
??0JitRuntime@asmjit@@QEAA@XZ
??0Runtime@asmjit@@QEAA@XZ
??0StaticRuntime@asmjit@@QEAA@PEAX_K@Z
??0VMemMgr@asmjit@@QEAA@PEAX@Z
??0X86Assembler@asmjit@@QEAA@PEAURuntime@1@I@Z
??0Zone@asmjit@@QEAA@_K@Z
??1Assembler@asmjit@@UEAA@XZ
??1CodeGen@asmjit@@UEAA@XZ
??1HostRuntime@asmjit@@UEAA@XZ
??1JitRuntime@asmjit@@UEAA@XZ
??1Runtime@asmjit@@UEAA@XZ
??1StaticRuntime@asmjit@@UEAA@XZ
??1VMemMgr@asmjit@@QEAA@XZ
??1X86Assembler@asmjit@@UEAA@XZ
??1Zone@asmjit@@QEAA@XZ
??_FVMemMgr@asmjit@@QEAAXXZ
?_alloc@Zone@asmjit@@QEAAPEAX_K@Z
?_emit@X86Assembler@asmjit@@UEAAIIAEBUOperand@2@000@Z
?_grow@Assembler@asmjit@@QEAAI_K@Z
?_grow@PodVectorBase@asmjit@@IEAAI_K0@Z
?_newLabel@Assembler@asmjit@@QEAAIPEAULabel@2@@Z
?_newLabelLink@Assembler@asmjit@@QEAAPEAULabelLink@2@XZ
?_nullData@PodVectorBase@asmjit@@2UPodVectorData@2@B
?_registerIndexedLabels@Assembler@asmjit@@QEAAI_K@Z
?_relocCode@X86Assembler@asmjit@@UEBA_KPEAX_K@Z
?_reserve@Assembler@asmjit@@QEAAI_K@Z
?_reserve@PodVectorBase@asmjit@@IEAAI_K0@Z
?_x86CondToCmovcc@asmjit@@3QBIB
?_x86CondToJcc@asmjit@@3QBIB
?_x86CondToSetcc@asmjit@@3QBIB
?_x86InstExtendedInfo@asmjit@@3QBUX86InstExtendedInfo@1@B
?_x86InstInfo@asmjit@@3QBUX86InstInfo@1@B
?_x86ReverseCond@asmjit@@3QBIB
?add@JitRuntime@asmjit@@UEAAIPEAPEAXPEAUAssembler@2@@Z
?add@StaticRuntime@asmjit@@UEAAIPEAPEAXPEAUAssembler@2@@Z
?align@X86Assembler@asmjit@@UEAAIII@Z
?alloc@VMemMgr@asmjit@@QEAAPEAX_KI@Z
?alloc@VMemUtil@asmjit@@SAPEAX_KPEA_KI@Z
?allocProcessMemory@VMemUtil@asmjit@@SAPEAXPEAX_KPEA_KI@Z
?allocZeroed@Zone@asmjit@@QEAAPEAX_K@Z
?bind@Assembler@asmjit@@UEAAIAEBULabel@2@@Z
?callCpuId@X86CpuUtil@asmjit@@SAXIIPEATX86CpuId@2@@Z
?detect@X86CpuUtil@asmjit@@SAXPEAUX86CpuInfo@2@@Z
?detectHwThreadsCount@CpuInfo@asmjit@@SAIXZ
?dup@Zone@asmjit@@QEAAPEAXPEBX_K@Z
?embed@Assembler@asmjit@@UEAAIPEBXI@Z
?embedLabel@X86Assembler@asmjit@@QEAAIAEBULabel@2@@Z
?emit@Assembler@asmjit@@QEAAII@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@00@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@00H@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@00_K@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@0@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@0H@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@0_K@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@H@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@_K@Z
?emit@Assembler@asmjit@@QEAAIIH@Z
?emit@Assembler@asmjit@@QEAAII_K@Z
?flush@HostRuntime@asmjit@@UEAAXPEAX_K@Z
?getCpuInfo@HostRuntime@asmjit@@UEAAPEBUCpuInfo@2@XZ
?getHost@CpuInfo@asmjit@@SAPEBU12@XZ
?getPageGranularity@VMemUtil@asmjit@@SA_KXZ
?getPageSize@VMemUtil@asmjit@@SA_KXZ
?getStackAlignment@HostRuntime@asmjit@@UEAAIXZ
?make@Assembler@asmjit@@UEAAPEAXXZ
?noOperand@asmjit@@3UOperand@1@B
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KAEBUX86Reg@2@IHI@Z
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KHI@Z
?release@JitRuntime@asmjit@@UEAAIPEAX@Z
?release@StaticRuntime@asmjit@@UEAAIPEAX@Z
?release@VMemMgr@asmjit@@QEAAIPEAX@Z
?release@VMemUtil@asmjit@@SAIPEAX_K@Z
?releaseProcessMemory@VMemUtil@asmjit@@SAIPEAX0_K@Z
?relocCode@Assembler@asmjit@@QEBA_KPEAX_K@Z
?reset@Assembler@asmjit@@QEAAX_N@Z
?reset@PodVectorBase@asmjit@@QEAAX_N@Z
?reset@VMemMgr@asmjit@@QEAAXXZ
?reset@Zone@asmjit@@QEAAX_N@Z
?sdup@Zone@asmjit@@QEAAPEADPEBD@Z
?setArch@X86Assembler@asmjit@@QEAAII@Z
?setError@CodeGen@asmjit@@QEAAIIPEBD@Z
?setErrorHandler@CodeGen@asmjit@@QEAAIPEAUErrorHandler@2@@Z
?sformat@Zone@asmjit@@QEAAPEADPEBDZZ
?shrink@VMemMgr@asmjit@@QEAAIPEAX_K@Z
?x86RegData@asmjit@@3UX86RegData@1@B

Sections

.text
Size: 659KB - Virtual size: 658KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libcurl.dll
.dll windows:6 windows x64 arch:x64

f3c24e32e27c5ad10b0808e86b422c7d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

WSAIoctl
__WSAFDIsSet
socket
setsockopt
getsockopt
getpeername
connect
recv
closesocket
WSACleanup
WSAStartup
ntohs
listen
htons
getsockname
bind
accept
WSAGetLastError
send
select
recvfrom
sendto
getaddrinfo
freeaddrinfo
ioctlsocket
gethostname
htonl
ntohl
WSASetLastError

wldap32

ord41
ord50
ord22
ord211
ord46
ord143
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord60

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom

normaliz

IdnToAscii

crypt32

CertFreeCertificateContext

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
VerifyVersionInfoA
LoadLibraryA
GetModuleHandleA
GetSystemDirectoryA
VerSetConditionMask
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
GetCurrentProcess
WaitForSingleObjectEx
CloseHandle
Sleep
FormatMessageA
SetLastError
SleepEx
GetProcAddress
FreeLibrary
WaitForMultipleObjects
PeekNamedPipe
GetLastError
ReadFile
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
GetTickCount64
QueryPerformanceCounter
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
EnterCriticalSection
TerminateProcess

vcruntime140

strrchr
memcpy
memmove
memchr
strstr
memset
memcmp
__C_specific_handler
__std_type_info_destroy_list
strchr

api-ms-win-crt-string-l1-1-0

isdigit
strncpy
isalpha
isxdigit
tolower
strpbrk
isgraph
isprint
_strdup
isalnum
islower
isupper
strncmp
isspace

api-ms-win-crt-convert-l1-1-0

strtoll
strtol
strtoul
atoi

api-ms-win-crt-stdio-l1-1-0

fseek
__stdio_common_vsprintf
fputc
_lseeki64
_write
_read
_open
_close
__stdio_common_vsscanf
fflush
__acrt_iob_func
fclose
fwrite
feof
ferror
fputs
fgets
fread
fopen

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_stat64

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-heap-l1-1-0

calloc
free
realloc
malloc

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
_initterm
_initialize_narrow_environment
_getpid
_beginthreadex
_initialize_onexit_table
_execute_onexit_table
__sys_nerr
strerror
_errno
_cexit
_initterm_e

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_version
curl_version_info

Sections

.text
Size: 266KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75b42ab10709020171a421999d0b3da8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libcurl

ole32

kernel32

user32

advapi32

shell32

oleaut32

d3d9

d3dx9_43

shlwapi

imm32

urlmon

Exports

Exports

Sections

.text Size: 659KB - Virtual size: 658KB

.rdata Size: 218KB - Virtual size: 217KB

.data Size: 23KB - Virtual size: 32KB

.pdata Size: 28KB - Virtual size: 27KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 67KB - Virtual size: 66KB

.reloc Size: 3KB - Virtual size: 3KB

f3c24e32e27c5ad10b0808e86b422c7d

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

advapi32

normaliz

crypt32

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 266KB - Virtual size: 266KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 14KB - Virtual size: 14KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1020B

.text
Size: 659KB - Virtual size: 658KB

.rdata
Size: 218KB - Virtual size: 217KB

.data
Size: 23KB - Virtual size: 32KB

.pdata
Size: 28KB - Virtual size: 27KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 67KB - Virtual size: 66KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 266KB - Virtual size: 266KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1020B