loader[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

loader.exe
Size

5.4MB
MD5

8d154e9d944b5ceee57821638dc3fbcd
SHA1

e880f94c947a19c6002a06863d34752da9f8a798
SHA256

d31421e23654627d3f40a9c41ea35420a03a890b5dc48b3a9953021d1aae85cc
SHA512

76a873028d489096306edf98bf430a0305679d560fab7b53f34ef03936b0b9487a5ee1adb553d27d9b9cb17a25058114462b64bbc5ddd529dcd44f77ee1537e2
SSDEEP

98304:IG5b+zsg8nVPzk+byzWjUc3wICZVI68f+AX2x2Q2UfYN0Z0m6PzCQ0LQp:7G2VPzByzWj2LI6Rx2mYVmUZ0I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
loader.exe

Files

loader.exe
.exe windows:6 windows x64 arch:x64

Password: 123

f72f2c07ee79d9af4961f011a982dbd2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Process32First
GetVersion
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SetWindowPos
CharUpperBuffW

vcruntime140

memcpy

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment

api-ms-win-crt-stdio-l1-1-0

__p__commode

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

�qezw�!��`�zd�Kl�K�''/��/o�FT�.),Sp#_ �&��p��k1e-�p$&�Ǥr��F��C�+��ԙ|4W��}�o�j��mO��FC�\r�A��f3R��H�� (��.vi��=L��7�?�i��3|:�@sԑ��_��A��6��!3r�.��p��DF�/��(��$Ec��p��Oh�\Z�u�7��9��䀀�HG����렦��Ma��9*�͵��}�+�:ђ�5t�ܦ2�P��*r!�'m�{��ç�Ӏ �/��yBp?0��c�� Å�Y5Sx�x- �,�i0�V�� 0Md&�N6�P)��8��;¨��i~m��s�=dS�O �P�P�'��?��Nc�,�OO��{��ۤ�B��yD��$�~� ��w/�4$��9'�A<��imik��b��"��8 ��T�g!w�fM�W�!�M��.��'�U��;�{h�΅�d��i\d��D��S�1h�P��i`�RW�env�O�� t�M��|Q��<��LLXQ��zr�Û��5��/�q\�#Xǃ>�{�+ijF��C3�k5n��ؾ��4؜.��+��L�p4B� �/��g� {��c�^�蚺�J;؇�V*��_,��MSt��!�@��x��p��r��m�+��p[?e=HU��35z��'�\+��v�&3��Ϊ��њ��C��Csf�&T��Hո�d�<�'RE|2 ~��$G��*�(�j3��}8��Ñ٬��n��à�x��Z��C ='�d�f:NX��Z�ck��ڪ��vJU��$��N�0��;�� 7:��L b9I�c 6��82N~�ϣۙ��%�l��p��ւr�#��1�c�y�]�윎tA�%��6C;-��UF)7�l̇��{(�_�V�9�T��R/<��h�e��a�B{?�S�8A��Q�UbN�<u��'Q�l'䬪l�޹�(�_1��A�1~�'i{�Yq��%��jIۍ#`��<6�V �S�g�6��"֯��)X˧yh�Չ�|)2��n��/�*��ɨ= dD�q.xnѼGu��K1f��Ҋ�A��Qpl �`�j )�[�`2X=h�5ɩڜC�f�Ć\+Q\�~X�]�6�!9��e�1_��O{3:��ɧ��.��f��F��@��eL�=��R�S݉��%r26K�Qڡށs�.n��`湀��.a��f&��+8��s��ń`ĳB�$z\��T��[�l��,�ԣׂ� �5'6�!,5�\.K��80hXH��|��T֘��@KӛOʲ��n�= ~�mA�qp�� @��ǽ�)�9��,�4׽��! "o�*�t��_�@��/˭p�� L%@��'�,�q1w� <��~��f��yڏD�.zd�̳\�'o8$WH?��̌�^�%-1U�;�͜.��! �Mt�3�>T�d��7��RN��&U?�@`lv7��e��CE�F�ə�s�vQ�O�ŀ 4B��S�mܹ�~ֻAI��?g��?�2X^��m��y��Ix��sM-S5�AL[0��ͶXpA#Q�8�w��?��<z�P��ڗ�"�z'�]�[)��5�w�4�N~�>�=��s��#+��\ ��!�μ]��B'�Z�Y��Ȳk��r��6&5y�� By?Zo� ��g�~��'�]�;�/-�%�L��N6$��a��C h=�2�7��3�2��HN�Q1��2�a��@*��r��e#�m2*>a��W��M��2��ve�+��-��OS�� G�[oxu��z��P��ߧ��\C5� ��f%��JT��5�\�8�%��Hނ� ��Ad��\��F/M�,B9��÷��G,��nb�{��#��ꎙL�UNӑӜ�j�qTY��\�" �UET1�r��.}L[�m�+|�zQ��l15GaR_�Z�NĄ�N�G�<�;]��e�/��"S+WN(�y�� Oi͹X��0�tn�I�԰q^H��kw7�~S�2� �7�)�f�R:i\%<�~��'��4�&�4a��)d�� e"�l��h+��>`;uwhL�s��OJ��Bw��ޜv��8��*��10�)�� v��A$�[��VH�6G=�K��h�� U�� d�)i��p�8ZS�ZLj�O��A�#�MP��Kf^��ڒ��W��3K!�&�Ó�D9�E5�T�߾p_�~8��$B&^tl9]�P��rJNH��ç9#W��̅��o�{䫵� �O��4R�T]�O��*��y5�Uf��yO�kpZa0x-��P�漏d` ��h��\�1��QB�$2�=B�j��S��Y��\6�\}��3��U]XS䜓��/��Xsj�sOQN��ʻKdCm��R=<~�-G*��X�%�/�C��V��AAKf��$|HPkXJ�`h�m�F��$�Xy�K�2N��-S�MxV�%�M:=yʛ��Z��PW�|�[#��#{��(�m��X�i�}��/FPm��O��`�ɹ�W��IL�B��?H�An� �u�Q�E}��@W� ��ˢ�kD0��LEVZtpKP<�=?�$��1yE�Td nA�#��o �� Ꝏ'C�5n��X�e��;QI��f�Ԙ� ��p%vqW�,��L�Rx3�a�ߥ�V�@��5��"�vK xIqE�+��C�]?Z /�e��}Z��;5X��w�d�Ӵ[��cEY��ۢ��`�;&�3�+V�9C3��[��4T��ʠA �e�6�q�s��p�%��\�Ƀ�Zc�s��;�V 5.$D��2

Sections

.text
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 123

f72f2c07ee79d9af4961f011a982dbd2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: - Virtual size: 6KB

.rdata Size: - Virtual size: 4KB

.data Size: - Virtual size: 216B

.pdata Size: - Virtual size: 336B

Size: - Virtual size: 3.2MB

Size: 2KB - Virtual size: 2KB

Size: 5.4MB - Virtual size: 5.4MB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 6KB

.rdata
Size: - Virtual size: 4KB

.data
Size: - Virtual size: 216B

.pdata
Size: - Virtual size: 336B

.rsrc
Size: 512B - Virtual size: 480B