General
-
Target
loader.exe
-
Size
6.5MB
-
MD5
5640e7c7fbbfa0134b74865a6d4737ea
-
SHA1
82cb4c4440e9e3baab6b75994d94041e66830b3c
-
SHA256
55ec88ada55c35967781c12ac60757e8e8f6257357cf5508cf17eca7a8acc123
-
SHA512
3acea538d5910aee2faa1c954e927eefa9c606eb35637072e3f06601c5fe91cf95e8d3ca176ae5ecec8b1a1f017da867408a29b0a9e0d4c47085d439ce8a1342
-
SSDEEP
196608:AMNTPY7QEbGXqEICteEroXGzlxZV3Gu5D4S26/CS32uTdq:BYkEhEInEroXC14S26Wuxq
Malware Config
Signatures
-
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource loader.exe
Files
-
loader.exe.exe windows:5 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
UPX0 Size: - Virtual size: 308KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 118KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
main.pyc