SF loader[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SF loader.exe
Size

3.4MB
MD5

31319437c31f3aeee61849e5efcbf27a
SHA1

3792a62f27546a4c07b65db122b81087ecf21647
SHA256

b58ae7476ed1afa064b5e42f8ab0a3b59c1b8fd0c21db059de95a207ec245676
SHA512

c82d9374e81d451ebba0db679ed18454666dc0c6504683c6462d9c103ff9dc00b6d77dc15897242e463d8bdd0753ea652c30d203fbda74a42dcad6fe6b2f5582
SSDEEP

49152:/Gtlqp7IU6ijGAfYQpfJOFWR8i/W1png4KauavUQ5MXssZpF4QTJ6Isp/ZiPfIbf:k+jIFWR8IShLA7D6IQRcIb+ctb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SF loader.exe

Files

SF loader.exe
.exe windows:6 windows x64 arch:x64

ffa0b59c6ee3874e89f9a70eb73e7e0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

__WSAFDIsSet
inet_pton
shutdown
select
WSASetLastError
bind
getnameinfo
gethostname
sendto
recvfrom
ntohl
freeaddrinfo
getaddrinfo
ioctlsocket
listen
htonl
socket
send
recv
closesocket
accept
WSACleanup
WSAStartup
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
WSAGetLastError

wldap32

ord60
ord45
ord50
ord211
ord46
ord41
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord143

crypt32

CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CertOpenStore

advapi32

CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

kernel32

GetModuleFileNameW
SetConsoleCtrlHandler
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineA
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
ExitProcess
LoadLibraryExW
RtlPcToFileHeader
GetCommandLineW
GetConsoleOutputCP
WaitForSingleObject
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
CreateProcessW
GetFileAttributesExW
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetEndOfFile
WriteConsoleW
FileTimeToSystemTime
ReadConsoleW
WriteProcessMemory
Sleep
GetLastError
LoadLibraryA
CloseHandle
GetProcAddress
VirtualAllocEx
ReadProcessMemory
CreateRemoteThread
VirtualFreeEx
GetExitCodeProcess
HeapFree
SetConsoleTitleA
GetCurrentProcess
InitializeCriticalSectionEx
OpenProcess
HeapSize
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
HeapReAlloc
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
IsWow64Process
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
FormatMessageA
GetTickCount
EnterCriticalSection
LeaveCriticalSection
SleepEx
VerSetConditionMask
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
VerifyVersionInfoA
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
GetEnvironmentVariableW
WideCharToMultiByte
GetConsoleMode
SetConsoleMode
ReadConsoleA
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
MultiByteToWideChar
FormatMessageW
WriteFile
GetModuleHandleW
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlVirtualUnwind
SwitchToFiber
DeleteFiber
CreateFiber
LoadLibraryW
ConvertFiberToThread
ConvertThreadToFiber
FindClose
FindFirstFileW
FindNextFileW
GetSystemTime
SystemTimeToFileTime
InterlockedPushEntrySList
RtlUnwindEx
RaiseException
OutputDebugStringW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
SleepConditionVariableSRW
WakeAllConditionVariable
GetCPInfo
GetStringTypeW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
EncodePointer
LCMapStringEx

user32

MessageBoxW
GetAsyncKeyState
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA

shell32

ShellExecuteA

rpcrt4

UuidCreate
RpcStringFreeA
UuidToStringA

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 778KB - Virtual size: 778KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ffa0b59c6ee3874e89f9a70eb73e7e0c

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

crypt32

advapi32

kernel32

user32

shell32

rpcrt4

bcrypt

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 778KB - Virtual size: 778KB

.data Size: 36KB - Virtual size: 62KB

.pdata Size: 99KB - Virtual size: 98KB

.rsrc Size: 178KB - Virtual size: 178KB

.reloc Size: 30KB - Virtual size: 30KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 778KB - Virtual size: 778KB

.data
Size: 36KB - Virtual size: 62KB

.pdata
Size: 99KB - Virtual size: 98KB

.rsrc
Size: 178KB - Virtual size: 178KB

.reloc
Size: 30KB - Virtual size: 30KB