loader[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

loader.exe
Size

112KB
MD5

1b5b830cc36f2e8453cb13151b38e0a4
SHA1

fabdd184c67e2dcdf2b26f0e6a8872b954b6f390
SHA256

668c0d3ffe635e32ca1c77ff4b09bdc2d0a76d68dc4e9e85ee9806d4d5729b22
SHA512

779689daeba9864d889e7283093b6457ade3070acaa22c1c74d32aa78d78a238ab8e43260d09edb5d920b0b0460dc6992e699bb69e071cc3edbb65974a6031fb
SSDEEP

1536:oY2Lgl2+4WJJJpsHteYVfxaxS2T+1KjbJzLUw3FkLT:l4WJJJpsBfTuUw3FkLT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
loader.exe

Files

loader.exe
.exe windows:4 windows x64 arch:x64

67ba73c11c487ff2d8e4dabe7e8339df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libgcc_s_seh-1

_Unwind_Resume

libstdc++-6

_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE5c_strEv
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7_M_dataEv
_ZNSaIcEC1Ev
_ZNSaIcEC2Ev
_ZNSaIcED1Ev
_ZNSaIcED2Ev
_ZNSolsEPFRSoS_E
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE10_M_disposeEv
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE11_M_capacityEy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE12_Alloc_hiderC1EPcRKS3_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE13_M_local_dataEv
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE13_M_set_lengthEy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE13_S_copy_charsEPcPKcS7_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7_M_dataEPc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_createERyy
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEED1Ev
_ZNSt8ios_base4InitC1Ev
_ZNSt8ios_base4InitD1Ev
_ZSt17__throw_bad_allocv
_ZSt19__throw_logic_errorPKc
_ZSt20__throw_length_errorPKc
_ZSt4cerr
_ZSt4cout
_ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_
_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc
_ZdlPvy
_Znwy
__cxa_begin_catch
__cxa_end_catch
__cxa_rethrow
__gxx_personality_seh0

kernel32

CloseHandle
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetTempFileNameA
GetTempPathA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject

msvcrt

__C_specific_handler
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_fmode
_initterm
_onexit
abort
calloc
exit
fclose
fopen
fprintf
free
fwrite
malloc
memcpy
memmove
memset
signal
strlen
strncmp
vfprintf

shell32

ShellExecuteExA

libcurl

curl_easy_init
curl_easy_setopt
curl_easy_perform
curl_easy_cleanup
curl_easy_strerror

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 512B - Virtual size: 175B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 512B - Virtual size: 221B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 512B - Virtual size: 119B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67ba73c11c487ff2d8e4dabe7e8339df

Headers

DLL Characteristics

File Characteristics

Imports

libgcc_s_seh-1

libstdc++-6

kernel32

msvcrt

shell32

libcurl

Sections

.text Size: 16KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 224B

.rdata Size: 4KB - Virtual size: 4KB

/4 Size: 512B - Virtual size: 4B

.pdata Size: 2KB - Virtual size: 1KB

.xdata Size: 2KB - Virtual size: 1KB

.bss Size: - Virtual size: 512B

.idata Size: 4KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 140B

/14 Size: 512B - Virtual size: 80B

/29 Size: 4KB - Virtual size: 3KB

/41 Size: 512B - Virtual size: 175B

/55 Size: 512B - Virtual size: 221B

/67 Size: 512B - Virtual size: 119B

.text
Size: 16KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 224B

.rdata
Size: 4KB - Virtual size: 4KB

/4
Size: 512B - Virtual size: 4B

.pdata
Size: 2KB - Virtual size: 1KB

.xdata
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 512B

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 140B

/14
Size: 512B - Virtual size: 80B

/29
Size: 4KB - Virtual size: 3KB

/41
Size: 512B - Virtual size: 175B

/55
Size: 512B - Virtual size: 221B

/67
Size: 512B - Virtual size: 119B