loader.pdb
Static task
static1
General
Target
loader.exe
Size
16.3MB
MD5
7a2ac29d3a20ebb0c4c4a0cacc78fb9d
SHA1
52043739884707fd305446f573b5b794309fce55
SHA256
f058832ce698846c2bcc22b48a0b14f3ad750d6557d24bdbc2e049e3536f4150
SHA512
9a6f7974a0c104b1e95fc6fd4004a00446a61dbd1c84e5e8e09de12226cb800e051eae5e8e174dc3e1050274aeb5fc08f71b5986ef39a6df4ff3c60c39287a82
SSDEEP
98304:nDqbqklcPGC8ErAWER1/eqE/MWuMfWeSeRVJ2/oVkUGc8xU+1+QrcQZUJOfLzCcC:KsGtEY1/rgue5Jyc8xU8UJK6
Malware Config
Signatures
Unsigned PE — 1 IoC
Checks for a missing Authenticode signature (the PE carries no embedded code-signing certificate).
resource loader.exe
Files
loader.exe.exe windows:6 windows x64 arch:x64
4d129d40088b9643bc4e55b735839515
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
bcryptprimitives
ProcessPrng
api-ms-win-core-synch-l1-2-0
WaitOnAddress
WakeByAddressSingle
WakeByAddressAll
secur32
LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaEnumerateLogonSessions
kernel32
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
GetTempPathW
GetFullPathNameW
CreateThread
CloseHandle
CreateToolhelp32Snapshot
Process32First
Process32Next
TerminateProcess
GetModuleHandleA
GetProcAddress
GetCurrentThreadId
GetCurrentProcessId
RtlVirtualUnwind
GetComputerNameExW
LoadLibraryExW
FreeLibrary
CreateEventA
GetLogicalProcessorInformationEx
GetTickCount64
GlobalMemoryStatusEx
GetLogicalDrives
GetDiskFreeSpaceExW
GetProcessTimes
GetExitCodeProcess
GetLastError
LocalFree
GetSystemInfo
GetProcessHeap
HeapAlloc
HeapFree
OpenProcess
GetSystemTimes
GetProcessIoCounters
VirtualQueryEx
ReadProcessMemory
CreateFileW
GetDriveTypeW
GetVolumeInformationW
DeviceIoControl
GetCurrentProcess
WaitForSingleObject
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
DuplicateHandle
VirtualProtect
LoadLibraryA
LoadLibraryExA
FormatMessageW
Sleep
GlobalLock
GlobalSize
GlobalAlloc
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
GlobalUnlock
SetHandleInformation
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
SetFileCompletionNotificationModes
QueryPerformanceFrequency
QueryPerformanceCounter
RemoveVectoredExceptionHandler
GetModuleHandleW
AddVectoredExceptionHandler
GetModuleFileNameW
SetThreadErrorMode
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
ReleaseMutex
WaitForSingleObjectEx
CreateMutexA
GetConsoleMode
GetUserPreferredUILanguages
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
SetThreadStackGuarantee
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetCommandLineW
SetFileInformationByHandle
SetFilePointerEx
GetStdHandle
WriteFileEx
SleepEx
GetSystemTimePreciseAsFileTime
HeapReAlloc
lstrlenW
FindNextFileW
FindClose
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
DeleteFileW
GetFinalPathNameByHandleW
ExitProcess
CreateNamedPipeW
ReadFileEx
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
WriteConsoleW
ntdll
NtQueryInformationProcess
RtlAdjustPrivilege
NtLoadDriver
NtWriteFile
NtReadFile
NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtQuerySystemInformation
NtCancelIoFileEx
NtUnloadDriver
RtlGetVersion
user32
DestroyWindow
SetWindowLongPtrW
ValidateRect
PostThreadMessageW
PeekMessageW
GetUpdateRect
RedrawWindow
DefWindowProcW
PostMessageW
RegisterRawInputDevices
GetMenu
LoadCursorW
SetCursor
MonitorFromRect
TrackMouseEvent
GetTouchInputInfo
ScreenToClient
CloseTouchInputHandle
IsProcessDPIAware
CloseClipboard
IsIconic
GetWindowRect
GetCursorPos
MonitorFromWindow
ShowCursor
ClipCursor
GetClipCursor
GetMonitorInfoW
ClientToScreen
AdjustWindowRectEx
GetWindowLongW
SetWindowLongW
EnableMenuItem
GetSystemMenu
GetDC
SetForegroundWindow
SendInput
MapVirtualKeyW
CreateIcon
SetClipboardData
EmptyClipboard
SetWindowTextW
MonitorFromPoint
ToUnicodeEx
GetKeyboardLayout
GetClipboardData
OpenClipboard
GetKeyboardState
GetKeyState
GetRawInputData
SetWindowPos
SystemParametersInfoA
SendMessageW
DestroyIcon
TranslateMessage
MessageBoxA
MessageBoxW
InvalidateRgn
SetWindowPlacement
GetWindowPlacement
ChangeDisplaySettingsExW
SetCapture
DispatchMessageW
RegisterTouchWindow
GetSystemMetrics
SetWindowDisplayAffinity
MsgWaitForMultipleObjectsEx
GetWindowLongPtrW
RegisterWindowMessageA
GetMessageW
MapVirtualKeyA
CreateWindowExW
RegisterClassExW
IsWindowVisible
ReleaseCapture
GetClientRect
GetForegroundWindow
FlashWindowEx
GetActiveWindow
ShowWindow
ole32
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
RevokeDragDrop
RegisterDragDrop
CoInitializeEx
OleInitialize
CoInitializeSecurity
psapi
GetPerformanceInfo
GetModuleFileNameExW
GetModuleFileNameExA
gdi32
GetDeviceCaps
CreateRectRgn
StretchDIBits
DeleteObject
dwmapi
DwmEnableBlurBehindWindow
ws2_32
getsockname
getpeername
getaddrinfo
freeaddrinfo
closesocket
WSACleanup
WSAStartup
WSASocketW
bind
connect
WSAGetLastError
WSAIoctl
setsockopt
WSASend
send
recv
shutdown
getsockopt
ioctlsocket
advapi32
RegDeleteTreeW
RegCreateKeyW
RegSetKeyValueW
RegOpenKeyExW
RegCloseKey
GetTokenInformation
OpenProcessToken
RegQueryValueExW
LookupAccountSidW
CopySid
GetLengthSid
IsValidSid
GetUserNameW
SystemFunction036
pdh
PdhOpenQueryA
PdhCollectQueryData
PdhAddEnglishCounterW
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhCloseQuery
powrprof
CallNtPowerInformation
oleaut32
SafeArrayUnaccessData
SafeArrayGetLBound
SysFreeString
SysAllocStringLen
SafeArrayGetUBound
SysStringLen
SysAllocString
GetErrorInfo
SafeArrayAccessData
VariantClear
shell32
DragQueryFileW
DragFinish
CommandLineToArgvW
iphlpapi
GetIfEntry2
FreeMibTable
GetIfTable2
GetAdaptersAddresses
netapi32
NetUserGetLocalGroups
NetUserEnum
NetApiBufferFree
NetUserGetInfo
winmm
timeEndPeriod
timeBeginPeriod
timeGetDevCaps
uxtheme
SetWindowTheme
imm32
ImmAssociateContextEx
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext
d3dcompiler_47
D3DCompile
bcrypt
BCryptGenRandom
userenv
GetUserProfileDirectoryW
vcruntime140
__current_exception_context
__current_exception
__C_specific_handler
_CxxThrowException
memcmp
memmove
memset
memcpy
__CxxFrameHandler3
api-ms-win-crt-math-l1-1-0
atan2
fmod
cos
tan
ceil
pow
fmodf
tanf
__setusermatherr
sinf
exp2
floorf
fmaf
roundf
round
acosf
ceilf
truncf
floor
acos
sin
trunc
expf
powf
exp2f
cosf
api-ms-win-crt-string-l1-1-0
wcslen
strlen
api-ms-win-crt-heap-l1-1-0
malloc
free
_set_new_mode
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
api-ms-win-crt-runtime-l1-1-0
terminate
strerror
_crt_atexit
_exit
_initterm_e
_register_onexit_function
_initterm
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_initialize_narrow_environment
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_exe
exit
_set_app_type
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 11.5MB - Virtual size: 11.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4.3MB - Virtual size: 4.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 453KB - Virtual size: 452KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 70KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ