loader[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

loader.exe
Size

497KB
MD5

145b7403a32b884f5fe00d4c485aa422
SHA1

f834a52db4faa218b2c125d99ce1b35a5949c469
SHA256

027754d90d66396ce26d04fe6ea7f6df93b584a9c09f4a61acb4979cc4bc1b00
SHA512

cf11118c28528c897bd7010746e17ca4c2551615c9ba914c14ccdd61e2070815cdba9cd1b5c303ab5f040fa1633aac0ac02777c5b26a1f15651939a904a5f10d
SSDEEP

12288:lhriOeNN4FmxCqon1UxCj2AqeMQm5A4e:3rkOFG3on1uGKF5A4e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
loader.exe

Files

loader.exe
.exe windows:6 windows x64 arch:x64

Password: 123

3c543ae16c361c8b2586a0f7afee05e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dwmapi

DwmExtendFrameIntoClientArea

kernel32

Beep
CloseHandle
DeviceIoControl
Sleep
GetCurrentProcess
CreateThread
VirtualAlloc
VirtualFree
GetModuleHandleA
GetProcAddress
lstrcmpiA
MultiByteToWideChar
WideCharToMultiByte
SetConsoleTextAttribute
CreateFileW
GetConsoleWindow
CreateToolhelp32Snapshot
Process32First
Process32Next
GetStdHandle
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
SetConsoleTitleA

user32

GetWindow
FindWindowA
SetWindowLongA
GetWindowLongA
MessageBoxA
GetWindowRect
GetForegroundWindow
UpdateWindow
GetSystemMetrics
PeekMessageA
GetAsyncKeyState
SetWindowDisplayAffinity
SetWindowPos
MoveWindow
ShowWindow
DestroyWindow
CreateWindowExA
UnregisterClassA
RegisterClassA
PostQuitMessage
DefWindowProcA
mouse_event
OpenClipboard
CloseClipboard
DispatchMessageA
TranslateMessage
LoadCursorA
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
GetClientRect
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetActiveWindow
EmptyClipboard
GetClipboardData
SetClipboardData

gdi32

GetStockObject

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

msvcp140

?_Random_device@std@@YAIXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ

d3d9

Direct3DCreate9Ex

vcruntime140

strstr
__current_exception_context
__current_exception
__C_specific_handler
memcmp
_CxxThrowException
__std_exception_destroy
__std_exception_copy
memset
memmove
memchr
__std_terminate
memcpy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

strlen
strcmp
strncpy
isprint

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vsprintf_s
fclose
__stdio_common_vsnprintf_s
_wfopen
__p__commode
_set_fmode
fflush
fread
fseek
ftell
__acrt_iob_func
fwrite
__stdio_common_vfprintf
__stdio_common_vsscanf

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free
_set_new_mode

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-math-l1-1-0

atan2f
pow
powf
ceilf
cosf
floorf
sqrtf
asin
atan2
fabs
tanf
fmodf
__setusermatherr
sinf

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
terminate
_seh_filter_exe
_set_app_type
_invalid_parameter_noinfo_noreturn
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
exit
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
system

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 297KB - Virtual size: 297KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 123

3c543ae16c361c8b2586a0f7afee05e2

Headers

DLL Characteristics

File Characteristics

Imports

dwmapi

kernel32

user32

gdi32

imm32

msvcp140

d3d9

vcruntime140

vcruntime140_1

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 297KB - Virtual size: 297KB

.rdata Size: 178KB - Virtual size: 177KB

.data Size: 7KB - Virtual size: 11KB

.pdata Size: 11KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 297KB - Virtual size: 297KB

.rdata
Size: 178KB - Virtual size: 177KB

.data
Size: 7KB - Virtual size: 11KB

.pdata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB