sAsBCgmQrGmAgIGl
Static task
static1
General
-
Target
Loader.zip
-
Size
8.1MB
-
MD5
9e3fe0f138adff5cb22e4dd0a85b87a4
-
SHA1
de25f57454e80e326eceaa3f2f9a057974beb1b5
-
SHA256
638b6ac90f7f0d8cc3b1414add154f2e01b008b7fce8e10687f149f43109d7a8
-
SHA512
5283fbd37aacfb721daa57a5811e3d5c11fc09001f25b1f3e83dafae52106ded7318853a5ab2f3ba36ee7ef347ec468516048a86d5ea328e88cc0d5859c31a2d
-
SSDEEP
196608:O0n/uH04M/gN3YPJcs6j9k4Da+YPZddYgxjl2T6TNej3hhI:OoeMogcXZavJM6wjRhI
Malware Config
Signatures
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack001/Loader/Loader.exe unpack001/Loader/cr.dll
Files
-
Loader.zip .zip
-
Loader/Loader.exe .exe windows:4 windows x86 arch:x86
Password: 2024
3c786137af220bbbe2b39cb10db4323a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GlobalAlloc
GlobalFlags
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
CloseHandle
ExpandEnvironmentStringsA
GetNumaNodeNumberFromHandle
GetSystemWindowsDirectoryW
GetTapePosition
IdnToUnicode
SetFileBandwidthReservation
TransmitCommChar
msvcrt
__getmainargs
__initenv
__p__acmdln
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_initterm
_iob
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf
clusapi
CloseClusterNotifyPort
ClusterRegDeleteValue
ClusterResourceOpenEnum
GetClusterFromGroup
GetClusterFromNode
GetClusterQuorumResource
comctl32
CreateStatusWindowW
DSA_Destroy
DefSubclassProc
DrawStatusTextA
FlatSB_EnableScrollBar
LBItemFromPt
eappprxy
EapHostPeerClearConnection
EapHostPeerEndSession
EapHostPeerFreeEapError
EapHostPeerFreeRuntimeMemory
EapHostPeerGetResponseAttributes
EapHostPeerGetSendPacket
EapHostPeerProcessReceivedPacket
EapHostPeerSetUIContext
EapHostPeerUninitialize
qwave
QOSAddSocketToFlow
QOSCreateHandle
QOSEnumerateFlows
QOSQueryFlow
QOSRemoveSocketFromFlow
QOSSetFlow
QOSStopTrackingClient
setupapi
CM_Get_DevNode_Registry_PropertyW
CM_Get_Resource_Conflict_Count
SetupDiDeleteDeviceInterfaceRegKey
SetupGetInfDriverStoreLocationA
SetupSetDirectoryIdA
SetupWriteTextLogInfLine
sspicli
DecryptMessage
EnumerateSecurityPackagesW
GetUserNameExA
ImpersonateSecurityContext
InitializeSecurityContextA
SaslInitializeSecurityContextA
SspiFreeAuthIdentity
VerifySignature
userenv
DeleteProfileA
ExpandEnvironmentStringsForUserW
FreeGPOListW
GetUserProfileDirectoryW
ProcessGroupPolicyCompleted
RefreshPolicy
RsopAccessCheckByType
RsopSetPolicySettingStatus
usp10
ScriptItemize
ScriptJustify
ScriptRecordDigitSubstitution
ScriptStringAnalyse
ScriptStringFree
ScriptStringGetOrder
ScriptTextOut
ScriptXtoCP
winmm
auxGetNumDevs
auxSetVolume
joySetThreshold
midiOutGetID
mixerSetControlDetails
mmioGetInfo
mmioSetBuffer
waveInReset
wkscli
NetUseAdd
NetUseGetInfo
NetValidateName
NetWkstaGetInfo
NetWkstaSetInfo
NetWkstaUserEnum
NetWkstaUserSetInfo
cr
sAsBCgmQrGmAgIGl
Sections
.text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.eh_fram Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 188B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 683.6MB - Virtual size: 592B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Loader/cr.dll .dll windows:4 windows x86 arch:x86
Password: 2024
3711bb8756d5f4974e0f68de8aa75adc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
Imports
kernel32
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WriteConsoleW
CloseHandle
ExpandEnvironmentStringsA
GetNumaNodeNumberFromHandle
GetSystemWindowsDirectoryW
GetTapePosition
IdnToUnicode
SetFileBandwidthReservation
TransmitCommChar
msvcrt
_amsg_exit
_initterm
_iob
_lock
_unlock
abort
calloc
free
fwrite
realloc
strlen
strncmp
vfprintf
clusapi
CloseClusterNotifyPort
ClusterRegDeleteValue
ClusterResourceOpenEnum
GetClusterFromGroup
GetClusterFromNode
GetClusterQuorumResource
comctl32
CreateStatusWindowW
DSA_Destroy
DefSubclassProc
DrawStatusTextA
FlatSB_EnableScrollBar
LBItemFromPt
eappprxy
EapHostPeerClearConnection
EapHostPeerEndSession
EapHostPeerFreeEapError
EapHostPeerFreeRuntimeMemory
EapHostPeerGetResponseAttributes
EapHostPeerGetSendPacket
EapHostPeerProcessReceivedPacket
EapHostPeerSetUIContext
EapHostPeerUninitialize
qwave
QOSAddSocketToFlow
QOSCreateHandle
QOSEnumerateFlows
QOSQueryFlow
QOSRemoveSocketFromFlow
QOSSetFlow
QOSStopTrackingClient
setupapi
CM_Get_DevNode_Registry_PropertyW
CM_Get_Resource_Conflict_Count
SetupDiDeleteDeviceInterfaceRegKey
SetupGetInfDriverStoreLocationA
SetupSetDirectoryIdA
SetupWriteTextLogInfLine
sspicli
DecryptMessage
EnumerateSecurityPackagesW
GetUserNameExA
ImpersonateSecurityContext
InitializeSecurityContextA
SaslInitializeSecurityContextA
SspiFreeAuthIdentity
VerifySignature
userenv
DeleteProfileA
ExpandEnvironmentStringsForUserW
FreeGPOListW
GetUserProfileDirectoryW
ProcessGroupPolicyCompleted
RefreshPolicy
RsopAccessCheckByType
RsopSetPolicySettingStatus
usp10
ScriptItemize
ScriptJustify
ScriptRecordDigitSubstitution
ScriptStringAnalyse
ScriptStringFree
ScriptStringGetOrder
ScriptTextOut
ScriptXtoCP
winmm
auxGetNumDevs
auxSetVolume
joySetThreshold
midiOutGetID
mixerSetControlDetails
mmioGetInfo
mmioSetBuffer
waveInReset
wkscli
NetUseAdd
NetUseGetInfo
NetValidateName
NetWkstaGetInfo
NetWkstaSetInfo
NetWkstaUserEnum
NetWkstaUserSetInfo
Exports
Sections
.text Size: 793KB - Virtual size: 792KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 586KB - Virtual size: 586KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.eh_fram Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 184B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 82B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 44B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 683.6MB - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ