zloader | 6d8057a304f6cc2f98605895201bf0f0edad410691bc78c3e5dd8557f3a38f99

General

Target

6d8057a304f6cc2f98605895201bf0f0edad410691bc78c3e5dd8557f3a38f99
Size

76KB
MD5

e0e0fff2a1e3db2bfcf7d51a48ca3846
SHA1

b08f2bf05db2fad695810bf0130b02f798225695
SHA256

6d8057a304f6cc2f98605895201bf0f0edad410691bc78c3e5dd8557f3a38f99
SHA512

0c03ba1b413926a0cb3ee7d49e68c3f3ffcf4cc21cf28f5fb19cdf3eea7b7ebdd08983bec460f5055ebd5b87d57e6a3528389f02c23b09c12bb8068d0acb6cf5
SSDEEP

1536:aA9eWob96BtghFvoOfYP9vlgh+XLT0pHetTB9kAeBicr09gaAEq18bjK5l:aA7bgIOgP9agX/EetQh6JAKjK5l

Score

10^/10

bing_mod4 m1 zloader

Malware Config

Extracted

Family

zloader

Botnet

Bing_Mod4

Campaign

M1

C2

https://adslstickerhi.world

rc4.plain

rsa_pubkey.plain

Signatures

Zloader family
zloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/b08a25a49a4e80001ac6cafc08a2e03d946a614f53b747fa1bac3a3e2b712a72

Files

6d8057a304f6cc2f98605895201bf0f0edad410691bc78c3e5dd8557f3a38f99
.zip

Password: infected
b08a25a49a4e80001ac6cafc08a2e03d946a614f53b747fa1bac3a3e2b712a72
.dll windows:6 windows x64 arch:x64

29555fdc22e99644ec17992e2f69f852

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
GetTempPathW

Exports

Exports

Ukflvlg

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 444B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

29555fdc22e99644ec17992e2f69f852

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 156KB - Virtual size: 156KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 13KB - Virtual size: 13KB

.pdata Size: 444B - Virtual size: 444B

.reloc Size: 12B - Virtual size: 12B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 156KB - Virtual size: 156KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 13KB - Virtual size: 13KB

.pdata
Size: 444B - Virtual size: 444B

.reloc
Size: 12B - Virtual size: 12B

.rsrc
Size: 1KB - Virtual size: 1KB