windows-loader-by-daz[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

windows-loader-by-daz.exe
Size

1.7MB
MD5

6bba22b8fb1da7e921e94d99f0a511c8
SHA1

fa336bcbd2854982cb990635395fd796057ab767
SHA256

b115d88c802dc349b9dc7e1333eba2f4c1e73911a12dcc3a4902e56e0a00fa43
SHA512

aad2654d4a30ed344f0e55e5d245b1351846769edb82dd36ffac4db66bdb567f9aa87bca32ec04d50f7b753a0e8cbb462943112a9a99f26ff4e907d278cb14d4
SSDEEP

24576:vVckxh+XPjAb0lfwYoetuk+SXz9YxojZlfdkY8AvryvcO4zsAvI5s:vVckx8XUgNxt+SXz+xuwATyvcO4zsAQy

Score

1^/10

Malware Config

Signatures

Files

windows-loader-by-daz.exe
.exe windows:5 windows x86 arch:x86

af08589c850f0f4e882dbd7084a2e22e

Code Sign

10:a9:ce:07:5a:9e:c7:3a:e3:ae:02:0b:1a:08:45:c7
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

15-05-2018 00:00

Not After

19-07-2018 23:59

Subject

CN=OKNO V MIR\, TOV,O=OKNO V MIR\, TOV,POSTALCODE=613050,STREET=d. 5 korp. A\, ul. Krasnoarmeiskaya,L=Kirovo-Chepetsk,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19-01-2010 00:00

Not After

18-01-2038 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
VerQueryValueW

setupapi

SetupGetFileCompressionInfoA
SetupGetFileCompressionInfoW
SetupGetBinaryField

wininet

InternetOpenA
InternetWriteFile

kernel32

HeapReAlloc
VirtualAlloc
HeapAlloc
WriteFile
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapFree
ExitProcess
GetCommandLineA
GetStartupInfoA
IsBadReadPtr
LoadLibraryA
GetModuleHandleA
GetVersionExA
lstrcatA
GetVersion
GetProcAddress
FlushFileBuffers
GetSystemInfo
GetExitCodeProcess
GlobalFindAtomW
PostQueuedCompletionStatus
GetQueuedCompletionStatus
GetTempPathA
lstrcmpiA
GetSystemDirectoryW
GetTimeFormatA
GetShortPathNameA
FindClose
SetEndOfFile
CompareFileTime
InterlockedExchange
SetCurrentDirectoryW
GetStringTypeW
GetTimeZoneInformation
GetExitCodeThread
GlobalUnlock
FindResourceExW
FindFirstFileA
CreateDirectoryA
FindNextFileA
GetDriveTypeW
GetBinaryTypeW
GetACP
CloseHandle
FreeLibrary
CreateFileMappingA
GetLastError
CreateThread
SetStdHandle
GetCPInfo
GetOEMCP
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetEnvironmentStringsW

user32

DefWindowProcA
SetWindowPos
DispatchMessageW
LoadStringW
DestroyWindow
EndPaint
AdjustWindowRectEx
ClientToScreen
TranslateAcceleratorW
MessageBoxIndirectA
RegisterClassExW
CheckDlgButton
CloseClipboard
CharNextW
EmptyClipboard
GetClassNameW
SetWindowLongW
ReleaseDC
GetParent
TranslateMessage
GetSubMenu
EnumChildWindows
GetClientRect
LoadMenuW
GetWindowLongA
DefWindowProcW
CreateWindowExW
SendMessageW
SetCursor
GetSysColor
EndDialog
InvalidateRect
CharLowerBuffW
IsWindowVisible
SetClipboardData
GetSystemMetrics
TrackPopupMenu
BeginPaint
GetClassInfoExW
CreatePopupMenu

gdi32

CreateFontIndirectW
SetTextColor
DeleteDC
OffsetViewportOrgEx
Escape
GetDeviceCaps
RectVisible
GetClipBox
Rectangle
SetWindowExtEx
DeleteObject
CreateRectRgnIndirect
SetViewportOrgEx
SaveDC
SetBkColor
GetWindowExtEx
GetViewportExtEx
GetObjectW
TextOutW
GetStockObject
GetMapMode
SetBkMode
GetBkColor
ExtTextOutW
GetRgnBox
RestoreDC
CreateBitmap
SelectObject
CreateFontIndirectA

rpcrt4

NdrComplexArrayFree
NdrClientInitialize
NdrClientCall2
NdrClientInitializeNew
NdrComplexArrayBufferSize

advapi32

InitializeSid
RegOpenKeyW
RegSetValueExW
RegOpenKeyExW
AllocateAndInitializeSid
RegCloseKey
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
EqualSid
RegQueryValueExW
RegEnumKeyExW
RegQueryValueW
FreeSid
RegEnumValueW
GetSidSubAuthority
RegCreateKeyExA

oleaut32

VarDecRound
SysAllocString
SysStringLen
SysStringByteLen
VariantClear
SysFreeString
SafeArrayPutElement
VarAdd
SysAllocStringByteLen

Sections

.text
Size: 664KB - Virtual size: 662KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 382KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af08589c850f0f4e882dbd7084a2e22e

Code Sign

10:a9:ce:07:5a:9e:c7:3a:e3:ae:02:0b:1a:08:45:c7Certificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

version

setupapi

wininet

kernel32

user32

gdi32

rpcrt4

advapi32

oleaut32

Sections

.text Size: 664KB - Virtual size: 662KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 12KB - Virtual size: 382KB

.rsrc Size: 1.0MB - Virtual size: 1.0MB

10:a9:ce:07:5a:9e:c7:3a:e3:ae:02:0b:1a:08:45:c7
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

.text
Size: 664KB - Virtual size: 662KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 12KB - Virtual size: 382KB

.rsrc
Size: 1.0MB - Virtual size: 1.0MB