Multi-Loader[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Multi-Loader.exe
Size

1.7MB
MD5

38aa65a7ecc97ba48103711b4d5f19dd
SHA1

410a77931380294fc0829955d15df11dd9db485c
SHA256

5e75505458c6dd344b9ae4a87c194af9b6b521a8c7dea0fd7b0f2d884edf7774
SHA512

5df0ddc1b57021f00d322b9bcbc2570c94114067fa455f0ead34da6633543a81dcc38c5335afa83c9e5877ea8cdbe0d1c728fcc9aa4acc93ea0f5a1ed42e1ba6
SSDEEP

24576:aVTI8qG8QzDKJRKQrhQ4YdRyQ1KZZcq7SGeK1N0OdLR5nLa0w:aVT8yujYbR2l7VrjxnLhw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Multi-Loader.exe

Files

Multi-Loader.exe
.exe windows:6 windows x64 arch:x64

4d67677e04c8fbfd6a2dbf91ebbf7790

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Snayzen\source\repos\Multi-Loader\x64\Release\Multi-Loader.pdb

Imports

opengl32

wglGetProcAddress
wglGetCurrentDC
glGetString
glGetIntegerv
glPixelStorei
glColor4f
glVertex2f
glTexImage2D
glBegin
glTexParameteri
glLineWidth
glEnd
glGenTextures
glBindTexture
glClear
glViewport

kernel32

GetSystemDirectoryA
VerifyVersionInfoA
QueryPerformanceCounter
GetTickCount
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
GetStartupInfoW
SetThreadExecutionState
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
FormatMessageW
OutputDebugStringW
GetFileInformationByHandleEx
AreFileApisANSI
GetFileAttributesExW
FindFirstFileW
QueryPerformanceFrequency
CreateDirectoryW
GetCurrentDirectoryW
GetLocaleInfoEx
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
VerSetConditionMask
SleepEx
LeaveCriticalSection
EnterCriticalSection
LocalFree
FormatMessageA
SetLastError
QueryFullProcessImageNameW
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
VirtualProtect
CreateThread
MultiByteToWideChar
GetCurrentProcess
Sleep
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
GetProcAddress
FreeLibrary
WriteProcessMemory
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CloseHandle
Module32FirstW
ReadProcessMemory
HeapDestroy
GetLastError
CreateFileW
Process32Next
Process32First
GetModuleFileNameA
Module32NextW
GetConsoleWindow
FindClose

user32

RegisterDeviceNotificationW
RegisterRawInputDevices
GetRawInputData
UnregisterDeviceNotification
ToUnicode
ChangeDisplaySettingsExW
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
ReleaseCapture
SetCapture
MapVirtualKeyW
GetKeyState
GetActiveWindow
SetFocus
IsZoomed
BringWindowToTop
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindow
SetLayeredWindowAttributes
GetLayeredWindowAttributes
DestroyWindow
CreateWindowExW
CreateIconIndirect
LoadImageW
DestroyIcon
LoadCursorW
GetClassLongPtrW
SetWindowLongW
GetWindowLongW
PtInRect
OffsetRect
SetRect
ClipCursor
WindowFromPoint
ClientToScreen
SetCursor
SetCursorPos
AdjustWindowRectEx
GetWindowRect
RegisterClassExW
DefWindowProcW
WaitMessage
PostMessageW
SendMessageW
GetMessageTime
PeekMessageW
DispatchMessageW
TranslateMessage
TrackMouseEvent
MessageBoxA
UnregisterClassW
ScreenToClient
GetSystemMetrics
ShowWindow
GetAsyncKeyState
FindWindowA
GetCursorPos
GetMessageExtraInfo
CallWindowProcW
SetWindowLongPtrW
GetWindowLongPtrW
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetRawInputDeviceList
GetRawInputDeviceInfoA
EnumDisplaySettingsW
EnumDisplaySettingsExW
EnumDisplayDevicesW
EnumDisplayMonitors
GetClientRect
SetWindowTextW
RemovePropW
GetPropW
SetPropW
ReleaseDC
GetDC
SetForegroundWindow
MsgWaitForMultipleObjects

gdi32

CreateRectRgn
CreateBitmap
CreateDCW
DeleteDC
GetDeviceCaps
DeleteObject
SetDeviceGammaRamp
ChoosePixelFormat
DescribePixelFormat
SetPixelFormat
SwapBuffers
GetDeviceGammaRamp
CreateDIBSection

advapi32

RegOpenKeyExA
RegCloseKey
OpenProcessToken
AddAccessAllowedAce
GetLengthSid
GetTokenInformation
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
ConvertSidToStringSidA
CopySid
SetSecurityInfo
IsValidSid
InitializeAcl
RegEnumValueA

shell32

DragQueryPoint
DragQueryFileW
DragFinish
DragAcceptFiles
ShellExecuteA

imm32

ImmSetCompositionWindow
ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext

msvcp140

??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?id@?$ctype@D@std@@2V0locale@2@A
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
??7ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?uncaught_exception@std@@YA_NXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?uncaught_exceptions@std@@YAHXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Random_device@std@@YAIXZ
?_Xlength_error@std@@YAXPEBD@Z
_Cnd_do_broadcast_at_thread_exit
_Query_perf_counter
_Thrd_detach
_Xtime_get_ticks
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setf@ios_base@std@@QEAAHHH@Z

shlwapi

PathFindFileNameW

normaliz

IdnToAscii

wldap32

ord41
ord26
ord27
ord45
ord32
ord33
ord35
ord79
ord30
ord60
ord200
ord301
ord22
ord211
ord46
ord217
ord50
ord143

crypt32

CertFreeCertificateChain
CertGetNameStringA
CertFindExtension
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptQueryObject

ws2_32

WSASetLastError
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
recv
WSAIoctl
WSAStartup
closesocket
WSACleanup
socket
htonl
listen
ioctlsocket
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
recvfrom
sendto
gethostname
ntohl
accept
setsockopt

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception_context
__std_terminate
strstr
strchr
__std_exception_destroy
__std_exception_copy
_CxxThrowException
memchr
memcmp
memcpy
memmove
memset
strrchr
__C_specific_handler
__current_exception

api-ms-win-crt-stdio-l1-1-0

_lseeki64
_popen
_pclose
fgets
fputs
__p__commode
ftell
__acrt_iob_func
_get_stream_buffer_pointers
fflush
_fseeki64
fsetpos
feof
ungetc
_open
setvbuf
fgetpos
fclose
_close
fgetc
fseek
_write
_read
__stdio_common_vfprintf
fwrite
fputc
fopen
_wfopen
__stdio_common_vsprintf
_set_fmode
__stdio_common_vsscanf
fread

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

strncmp
_strdup
strncpy
tolower
_wcsicmp
strpbrk
isalnum
strcmp
strspn
isupper
strcspn

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
realloc
_callnewh
malloc
free

api-ms-win-crt-convert-l1-1-0

strtoll
strtod
strtoul
atoi
strtol
atof
strtoull

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_exit
_set_app_type
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_cexit
exit
_beginthreadex
_crt_atexit
_invalid_parameter_noinfo
terminate
_register_onexit_function
_initialize_onexit_table
abort
_invalid_parameter_noinfo_noreturn
_errno
_initialize_narrow_environment
_configure_narrow_argv
__sys_nerr
system
_getpid
_get_initial_narrow_environment
strerror
_resetstkoflw
_initterm

api-ms-win-crt-time-l1-1-0

_gmtime64
strftime
_time64
_localtime64

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
_access
_unlink
_fstat64
_stat64

api-ms-win-crt-math-l1-1-0

acosf
powf
atan2f
fmaxf
_hypotf
ceilf
_dsign
cosf
ldexp
fmodf
sinf
fminf
sqrtf
__setusermatherr
_dclass

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv
_configthreadlocale

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 606KB - Virtual size: 605KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d67677e04c8fbfd6a2dbf91ebbf7790

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

opengl32

kernel32

user32

gdi32

advapi32

shell32

imm32

msvcp140

shlwapi

normaliz

wldap32

crypt32

ws2_32

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 606KB - Virtual size: 605KB

.data Size: 19KB - Virtual size: 60KB

.pdata Size: 45KB - Virtual size: 44KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 606KB - Virtual size: 605KB

.data
Size: 19KB - Virtual size: 60KB

.pdata
Size: 45KB - Virtual size: 44KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 6KB - Virtual size: 6KB