loader_prod[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

loader_prod.exe
Size

26.4MB
MD5

ba41431c69cb3a3a558b7d363ad5160c
SHA1

c981e506dd06d254c456b64fb01de3e5a73ee178
SHA256

ade6b6e09ec807df13e6128b48461ff279967f72bd12cfc777d7114e44b1219c
SHA512

41fccbaa530cfa63ecb1423b79d83fba9f2dbac7f0dd01cbb6653b7e027d1c549830f1d37a923684cfc7ba37644761ad59d11f077250ac0758694252449f4f8e
SSDEEP

786432:76DrnZZjyehu2r/MTNwXqTlgRoZCGQ3T:76v7uZ2XqBiZGQ3T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
loader_prod.exe

Files

loader_prod.exe
.exe windows:6 windows x64 arch:x64

2ad5bba9a7f55df153e18e95c7aa0b7b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetComputerNameA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

GetActiveWindow

gdi32

DeleteDC

advapi32

OpenProcessToken

shell32

SHGetKnownFolderPath

ole32

CoCreateGuid

oleaut32

VariantClear

ntdll

NtClose

msvcp140

??1_Lockit@std@@QEAA@XZ

shlwapi

PathFindExtensionW

ws2_32

WSAGetLastError

crypt32

CertOpenStore

secur32

InitSecurityInterfaceW

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_47

D3DCompile

imm32

ImmSetCompositionWindow

gdiplus

GdipSaveImageToFile

dnsapi

DnsNameCompare_W

rpcrt4

UuidToStringW

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp

api-ms-win-crt-heap-l1-1-0

_callnewh

api-ms-win-crt-string-l1-1-0

wcsnlen

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

fputc

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

_itow_s

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-math-l1-1-0

ldexp

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

🧠McC>
Size: - Virtual size: 684KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

🧠=sSv
Size: - Virtual size: 630KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

🧠:v:.
Size: - Virtual size: 789KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

🧠#=9K
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

🧠QGxF
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

🧠Kpw/
Size: - Virtual size: 18.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

🧠P5Rr
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

🧠zIDm
Size: 26.4MB - Virtual size: 26.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

🧠@z@j
Size: 1024B - Virtual size: 737B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ad5bba9a7f55df153e18e95c7aa0b7b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ntdll

msvcp140

shlwapi

ws2_32

crypt32

secur32

d3d11

d3dcompiler_47

imm32

gdiplus

dnsapi

rpcrt4

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

🧠McC> Size: - Virtual size: 684KB

🧠=sSv Size: - Virtual size: 630KB

🧠:v:. Size: - Virtual size: 789KB

🧠#=9K Size: - Virtual size: 24KB

🧠QGxF Size: - Virtual size: 8KB

🧠Kpw/ Size: - Virtual size: 18.1MB

🧠P5Rr Size: 6KB - Virtual size: 5KB

🧠zIDm Size: 26.4MB - Virtual size: 26.4MB

🧠@z@j Size: 1024B - Virtual size: 737B

🧠McC>
Size: - Virtual size: 684KB

🧠=sSv
Size: - Virtual size: 630KB

🧠:v:.
Size: - Virtual size: 789KB

🧠#=9K
Size: - Virtual size: 24KB

🧠QGxF
Size: - Virtual size: 8KB

🧠Kpw/
Size: - Virtual size: 18.1MB

🧠P5Rr
Size: 6KB - Virtual size: 5KB

🧠zIDm
Size: 26.4MB - Virtual size: 26.4MB

🧠@z@j
Size: 1024B - Virtual size: 737B