loader[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

loader.exe
Size

16.3MB
MD5

459f463a00566aadb3c2867473e4e591
SHA1

b0f6003313c06f9a4b7060d6f78f43e8eca778d8
SHA256

a875686ab5f9269dc20752bb902273e02bd32a260d531333aaa59a6eb485e380
SHA512

ddc9f4da7ddfd861589199dc6f3f5efe5fc73c8a4e3738a3615a1e1d43756e3b906ddc45de5fa1cfeef7b6bba33e5dd5fbb8a626639e16ce41420a5d1966e66f
SSDEEP

98304:ej9IYN5LwPFwE3EZW5OfWkdujmHZzhRrluOBOTFcbFMbuSy+WlFblRnWmieT41vY:2NmFwmEuOfkCFhfuibFM8pfXT0qOTz4f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
loader.exe

Files

loader.exe
.exe windows:6 windows x64 arch:x64

6502065123ba3a2ff95a7326cf6a639b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

loader.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressSingle
WakeByAddressAll

secur32

LsaFreeReturnBuffer
LsaEnumerateLogonSessions
LsaGetLogonSessionData

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
GetTempPathW
GetFullPathNameW
CreateThread
CloseHandle
GetCurrentThreadId
Process32NextW
CreateToolhelp32Snapshot
Process32FirstW
TerminateProcess
GetModuleHandleA
GetProcAddress
GetCurrentProcessId
RtlVirtualUnwind
GetComputerNameExW
LoadLibraryExW
FreeLibrary
CreateEventA
GetLogicalProcessorInformationEx
GetTickCount64
GlobalMemoryStatusEx
GetLogicalDrives
GetDiskFreeSpaceExW
GetProcessTimes
GetExitCodeProcess
GetLastError
LocalFree
GetSystemInfo
VirtualQueryEx
GetProcessHeap
HeapAlloc
HeapFree
OpenProcess
GetSystemTimes
GetProcessIoCounters
ReadProcessMemory
GetDriveTypeW
GetVolumeInformationW
CreateFileW
DeviceIoControl
GetCurrentProcess
WaitForSingleObject
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
DuplicateHandle
VirtualProtect
LoadLibraryA
LoadLibraryExA
FormatMessageW
Sleep
GlobalLock
GlobalSize
GlobalAlloc
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
GlobalUnlock
SetHandleInformation
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
SetFileCompletionNotificationModes
QueryPerformanceFrequency
QueryPerformanceCounter
RemoveVectoredExceptionHandler
GetModuleHandleW
AddVectoredExceptionHandler
GetModuleFileNameW
SetThreadErrorMode
RtlCaptureContext
RtlLookupFunctionEntry
ReleaseMutex
WaitForSingleObjectEx
CreateMutexA
lstrlenW
GetConsoleMode
GetUserPreferredUILanguages
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
SetThreadStackGuarantee
GetCurrentThread
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetCommandLineW
SetFileInformationByHandle
SetFilePointerEx
GetStdHandle
WriteFileEx
SleepEx
GetSystemTimePreciseAsFileTime
HeapReAlloc
FindNextFileW
FindClose
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
DeleteFileW
GetFinalPathNameByHandleW
ExitProcess
CreateNamedPipeW
ReadFileEx
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
WriteConsoleW

ntdll

NtCreateFile
NtUnloadDriver
NtLoadDriver
RtlNtStatusToDosError
RtlAdjustPrivilege
NtReadFile
NtWriteFile
NtQueryInformationProcess
RtlGetVersion
NtCancelIoFileEx
NtQuerySystemInformation
NtDeviceIoControlFile

user32

GetActiveWindow
GetForegroundWindow
GetClientRect
GetCursorPos
ReleaseCapture
EnableMenuItem
GetSystemMenu
GetWindowLongW
AdjustWindowRectEx
IsWindowVisible
RegisterClassExW
CreateWindowExW
DestroyWindow
GetSystemMetrics
RegisterTouchWindow
GetRawInputData
ShowWindow
SetForegroundWindow
DispatchMessageW
CloseClipboard
SendInput
TranslateMessage
MapVirtualKeyW
ToUnicodeEx
RegisterRawInputDevices
RegisterWindowMessageA
SetWindowTextW
GetKeyboardLayout
SetWindowDisplayAffinity
GetKeyboardState
GetKeyState
MonitorFromPoint
PeekMessageW
IsIconic
ClipCursor
GetClipCursor
ShowCursor
GetWindowRect
RedrawWindow
SetWindowPos
SystemParametersInfoA
ClientToScreen
SetCapture
InvalidateRgn
MsgWaitForMultipleObjectsEx
SetWindowLongW
GetDC
GetWindowLongPtrW
SetClipboardData
EmptyClipboard
GetClipboardData
OpenClipboard
IsProcessDPIAware
CreateIcon
SendMessageW
SetWindowLongPtrW
MessageBoxA
MessageBoxW
PostMessageW
SetWindowPlacement
GetWindowPlacement
ChangeDisplaySettingsExW
GetMessageW
MapVirtualKeyA
FlashWindowEx
GetMonitorInfoW
MonitorFromWindow
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
TrackMouseEvent
MonitorFromRect
SetCursor
LoadCursorW
GetMenu
ValidateRect
DefWindowProcW
GetUpdateRect
PostThreadMessageW
DestroyIcon

ole32

CoInitializeSecurity
CoCreateInstance
CoInitializeEx
RevokeDragDrop
RegisterDragDrop
OleInitialize
CoSetProxyBlanket
CoUninitialize

gdi32

StretchDIBits
GetDeviceCaps
DeleteObject
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

psapi

GetPerformanceInfo
GetModuleFileNameExW

ws2_32

getaddrinfo
freeaddrinfo
WSASend
WSACleanup
WSAStartup
WSAGetLastError
WSAIoctl
closesocket
setsockopt
send
recv
shutdown
getsockopt
ioctlsocket
connect
bind
WSASocketW
getpeername
getsockname

advapi32

RegCreateKeyW
RegSetKeyValueW
RegDeleteTreeW
SystemFunction036
RegOpenKeyExW
RegCloseKey
GetTokenInformation
OpenProcessToken
RegQueryValueExW
LookupAccountSidW
CopySid
GetLengthSid
IsValidSid
GetUserNameW

pdh

PdhOpenQueryA
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhCloseQuery
PdhRemoveCounter
PdhAddEnglishCounterW

powrprof

CallNtPowerInformation

oleaut32

GetErrorInfo
SysAllocString
SysFreeString
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
VariantClear
SysStringLen
SysAllocStringLen

shell32

DragQueryFileW
DragFinish
CommandLineToArgvW

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetInfo
NetUserGetLocalGroups

iphlpapi

GetAdaptersAddresses
GetIfEntry2
GetIfTable2
FreeMibTable

winmm

timeGetDevCaps
timeBeginPeriod
timeEndPeriod

uxtheme

SetWindowTheme

imm32

ImmAssociateContextEx
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext

d3dcompiler_47

D3DCompile

bcrypt

BCryptGenRandom

userenv

GetUserProfileDirectoryW

vcruntime140

__current_exception_context
__current_exception
__C_specific_handler
_CxxThrowException
memcmp
memmove
memset
__CxxFrameHandler3
memcpy

api-ms-win-crt-math-l1-1-0

ceil
fmodf
acosf
_hypotf
expf
tanf
cosf
sinf
exp2
atan2
floorf
tan
sin
floor
trunc
roundf
powf
ceilf
round
acos
pow
truncf
cos
exp2f
fmaf
fmod
__setusermatherr

api-ms-win-crt-string-l1-1-0

strlen
wcslen

api-ms-win-crt-heap-l1-1-0

malloc
realloc
free
_set_new_mode

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_exit
exit
_initterm_e
_get_initial_narrow_environment
terminate
_crt_atexit
_initialize_narrow_environment
_configure_narrow_argv
strerror
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_initterm
_register_onexit_function
_initialize_onexit_table

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 11.6MB - Virtual size: 11.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 448KB - Virtual size: 447KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6502065123ba3a2ff95a7326cf6a639b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

secur32

kernel32

ntdll

user32

ole32

gdi32

dwmapi

psapi

ws2_32

advapi32

pdh

powrprof

oleaut32

shell32

netapi32

iphlpapi

winmm

uxtheme

imm32

d3dcompiler_47

bcrypt

userenv

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 11.6MB - Virtual size: 11.6MB

.rdata Size: 4.2MB - Virtual size: 4.2MB

.data Size: 18KB - Virtual size: 20KB

.pdata Size: 448KB - Virtual size: 447KB

.rsrc Size: 1024B - Virtual size: 888B

.reloc Size: 64KB - Virtual size: 64KB

.text
Size: 11.6MB - Virtual size: 11.6MB

.rdata
Size: 4.2MB - Virtual size: 4.2MB

.data
Size: 18KB - Virtual size: 20KB

.pdata
Size: 448KB - Virtual size: 447KB

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 64KB - Virtual size: 64KB