Loader[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Loader.zip
Size

795KB
MD5

cfd9adce3b487be41d2847245fd66167
SHA1

fff6b2b9fc5cccd506d9b12381f7e35d0764fde8
SHA256

b291c55f1b29ce3d8a806c12c97037ffc2d6dc18ca618d267aa8a0dcb973ed89
SHA512

9275f4e736801d3f5b77ee982b80a2ce8e07860a0d8b0c13ac29983146b3abe4f4140c7513c623e5a3278700b29f9aadc97147df7fe15dbcdeb81f9eca9a0721
SSDEEP

12288:d2TX0kU+60x0vIR0HscC9Ip5/kneFkJaL5ZLyn4nLMcu/0mpCsl6PZjai7gcqGkW:MQkUnHIWHJkneSJi5Z0W3uKsl6l7gcQS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Loader/loader.exe

Files

Loader.zip
.zip
Loader/loader.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

"- *
Size: 372KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 464KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ