yuki-loader[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

yuki-loader.exe
Size

89KB
MD5

2c485595a905aa7c28fb233541423022
SHA1

b161db52f1fb118d7b13ad4839243535cc32be08
SHA256

6fd752a278563457f4d79247adbff20292c472b8c8d84510a355ecdef1b0966b
SHA512

c54253d57bb3fc66730b71eaf887b2b08ce025902c039ee6ec278ffd39b003559f014340edd5e8addbe91a1907123f9d649fb12233aa26b9e235ecd6d8570f81
SSDEEP

768:2ce6WjbT00o2jjbqnN73MZhIqvoL65C9sCbXtYIAvBo6P2i:2cedjPLljjboaZhIqvu6kss5Yn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
yuki-loader.exe

Files

yuki-loader.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\IlIlIIIIlIIllllIIIlI\Documents\custom-keyauth-loader-csharp-main\Keyauth-console-loader\obj\Release\Keyauth-console-loader.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ