blackguard | Loader[.]exe | Triage

Sharing

General

Target

Loader.exe
Size

273KB
MD5

562f5962e62e7cffbd5b1994fee7eb61
SHA1

993c90b0fb19a743b90ffd70b01076d8c2a1cada
SHA256

cc4b161f7c063fcb3c13d1e4baa499072cbdaa34ec571bb57d0639caed4f8208
SHA512

3f855a84560accc8c4834b6e0b918ff8f40b2bc96ebef0eec08609664dceae00085fe6f878cecef82be3b0122ffd825984dc9a4fac8ece8f52216b9bb9030209
SSDEEP

6144:4f+BLCABPC+55PUgxHGozsuuI7xJbM3AMr/iyIme0wic:x5hhzsuh7zsXEmeIc

Score

10^/10

blackguard

Malware Config

Signatures

Blackguard family
blackguard

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
Loader.exe

Files

Loader.exe
.exe windows:4 windows x64 arch:x64

Password: rerer

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Mycc\Desktop\44CALIBER-MODIFED-main\44CALIBER\obj\Release\Loader.pdb

Sections

.text
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ