loader[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

loader.rar
Size

2.4MB
MD5

376583e84c1da0ebaa8c0e11690e380c
SHA1

6dd57cc1349dcb7ddeb274fbaef27642e49cf052
SHA256

237a76ddb126d341b8ce3faae88e7283df0f04a6a7363acb70f94cc94e3f2060
SHA512

1e494bb460530b5c67199d8789e5c52f6b396bca4adc7530c5d5650b98f8d3b54bd116dcc0c51b248bd75705622a4bd1af6b902f9444a33147bbb9bebc11eef2
SSDEEP

49152:TaIQqnzhmeBUfalAYrUQA4o/idVdRQhPOIsEhDbbg+4GCQBHNAml:TPQqceBUf6dgod6hPeEBFRBHyk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/loader.exe

Files

loader.rar
.rar

Password: CryptoJ
loader.exe
.exe windows:4 windows x86 arch:x86

Password: CryptoJ

d5d9d937853db8b666bd4b525813d7bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameA

kernel32

LockResource
lstrlenA
CloseHandle
CreateFileA
ExitProcess
FindResourceA
FreeResource
GetCommandLineA
GetEnvironmentVariableA
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
HeapAlloc
HeapFree
LoadLibraryA
LoadResource
lstrcpynA
RtlMoveMemory
SetFileAttributesA
SizeofResource
WriteFile
lstrcatA
lstrcpyA

user32

CreateWindowExA
DefWindowProcA
DispatchMessageA
GetMessageA
LoadCursorA
LoadIconA
MessageBoxA
PostQuitMessage
RegisterClassExA
SendMessageA
ShowWindow
TranslateMessage
UpdateWindow

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE