HydroGen-Loader[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

HydroGen-Loader.exe
Size

618KB
MD5

8abb6ea5cf25d548fd232316429526b1
SHA1

f16c1bae110a3e865bb954e879ee982e66c7c693
SHA256

21abd673d150dfe244a5bc34d225693ef19c40c709e22b0e0782f30f0aaed438
SHA512

da7c41a3a20519b994bda3c9785f48478f3dfeceb9b6470d0b1154815b2d4455d3e43095fd038a07ec6f5cd85b1007ee62e15fa1479856e4b78b10ef6a06500b
SSDEEP

12288:ELZtgDM4r1rd/FogBwi/QdpG/ZbFle/v:eN4hrhK9i/CKby/v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HydroGen-Loader.exe

Files

HydroGen-Loader.exe
.exe windows:6 windows x64 arch:x64

314b33040b1de426b0f41c1648b9eb99

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\loader-source\x64\Release\loader-x64.pdb

Imports

kernel32

InitializeCriticalSectionEx
DeleteCriticalSection
CreateThread
GetModuleFileNameA
FormatMessageA
LocalFree
EnterCriticalSection
LeaveCriticalSection
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
VerifyVersionInfoA
QueryPerformanceCounter
MoveFileExA
WaitForSingleObjectEx
MultiByteToWideChar
HeapSize
GetFileType
PeekNamedPipe
WaitForMultipleObjects
GetFileSizeEx
WideCharToMultiByte
SetConsoleCursorPosition
GetProcessHeap
HeapFree
HeapReAlloc
GetTickCount
VirtualQuery
IsDebuggerPresent
CheckRemoteDebuggerPresent
HeapDestroy
GetEnvironmentVariableA
GetModuleHandleW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
HeapAlloc
DebugBreak
GetFileSize
GetProcAddress
GetThreadContext
CloseHandle
Process32Next
GetCurrentThread
CreateFileA
GetLastError
GlobalAddAtomA
Sleep
CreateToolhelp32Snapshot
GetModuleHandleA
OpenFileMappingW
CreateFileW
OutputDebugStringA
WriteFile
GetStdHandle
GetCurrentProcess
SetConsoleTextAttribute
SetLastError
GetConsoleScreenBufferInfo
VirtualProtect
Process32First
FillConsoleOutputCharacterA
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
ReadFile

user32

MessageBoxA
FindWindowW
FindWindowA

advapi32

OpenProcessToken
CopySid
GetLengthSid
GetTokenInformation
IsValidSid
ConvertSidToStringSidA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptImportKey
CryptEncrypt
CryptDestroyKey

msvcp140

_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Xbad_function_call@std@@YAXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??Bid@locale@std@@QEAA_KXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?good@ios_base@std@@QEBA_NXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
_Query_perf_counter
?_Xlength_error@std@@YAXPEBD@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

normaliz

IdnToAscii

wldap32

ord41
ord22
ord60
ord26
ord211
ord50
ord27
ord32
ord143
ord33
ord35
ord217
ord30
ord200
ord301
ord79
ord45
ord46

crypt32

CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore

ws2_32

getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
ntohl
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
gethostname
recvfrom
sendto
send
recv
freeaddrinfo
closesocket

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
__current_exception_context
__C_specific_handler
__std_exception_destroy
__std_exception_copy
__current_exception
__std_terminate
strstr
memchr
memcmp
memcpy
memmove
strrchr
strchr
memset

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
exit
_cexit
system
_getpid
_register_onexit_function
_beginthreadex
__p___argc
__p___argv
_invalid_parameter_noinfo_noreturn
_resetstkoflw
_exit
_invalid_parameter_noinfo
_initterm_e
_seh_filter_exe
__sys_nerr
strerror
_set_app_type
_c_exit
_register_thread_local_exe_atexit_callback
_errno
_crt_atexit
_get_initial_narrow_environment
abort
_initterm
terminate

api-ms-win-crt-stdio-l1-1-0

fgets
__acrt_iob_func
fflush
fclose
_pclose
_popen
fgetc
__stdio_common_vfprintf
fwrite
fgetpos
__stdio_common_vsprintf
ungetc
fsetpos
fread
_fseeki64
_get_stream_buffer_pointers
fopen
fputs
__stdio_common_vsscanf
feof
fputc
_open
_close
_write
_read
fseek
__p__commode
_set_fmode
ftell
_lseeki64
setvbuf

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
free
malloc
realloc
calloc

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-conio-l1-1-0

_getch

api-ms-win-crt-string-l1-1-0

tolower
strpbrk
isupper
_strdup
strcmp
strspn
strncpy
strncmp
strcspn

api-ms-win-crt-filesystem-l1-1-0

_unlink
_stat64
_fstat64
_access
_stat64i32
_unlock_file
_lock_file

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64

api-ms-win-crt-convert-l1-1-0

strtod
strtol
strtoll
strtoul
strtoull
atoi

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv

api-ms-win-crt-math-l1-1-0

_dclass
__setusermatherr

shell32

ShellExecuteA

Sections

.text
Size: 482KB - Virtual size: 482KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

314b33040b1de426b0f41c1648b9eb99

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msvcp140

rpcrt4

normaliz

wldap32

crypt32

ws2_32

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

shell32

Sections

.text Size: 482KB - Virtual size: 482KB

.rdata Size: 111KB - Virtual size: 111KB

.data Size: 2KB - Virtual size: 5KB

.pdata Size: 18KB - Virtual size: 18KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 482KB - Virtual size: 482KB

.rdata
Size: 111KB - Virtual size: 111KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB