Loader+Injector+Blocker[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Loader+Injector+Blocker.exe
Size

1.0MB
MD5

f92f0e60ec7b1e8441cbe141082b2e18
SHA1

f9a519f077e1191adcc3a691a4d6a163567ac944
SHA256

7100d39570d7316e84604d7f1f5ddc4d87b265450cfe1787ab41fae34eb44529
SHA512

f2313d3d0c7ab8e3541a400ff3a36949cc1773041de67d2279f688eba05caadd859fadd74d1d61a4a01e19e6dbbc3855be0fcab770f30d00bdf61d81c9db1ac4
SSDEEP

12288:2O3UI6ddlxMxFatnHYqFsjx8VOEBaXULItknquZnPZE9O2bJIC0fDNN:MImdDFtnH9FkxJEkXUE2nnO93l0fZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Loader+Injector+Blocker.exe

Files

Loader+Injector+Blocker.exe
.exe windows:6 windows x64 arch:x64

e0f11e317a62a57312cb39a94fc07aef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\cambo\Desktop\Loader+Injector+Blocker\x64\Release\Loader+Injector+Blocker.pdb

Imports

kernel32

LeaveCriticalSection
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetProcAddress
VerifyVersionInfoA
QueryPerformanceCounter
GetTickCount
MoveFileExA
WaitForSingleObjectEx
MultiByteToWideChar
GetEnvironmentVariableA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
WideCharToMultiByte
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
FindClose
VirtualProtect
EnterCriticalSection
LocalFree
FormatMessageA
SetLastError
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
UnmapViewOfFile
MapViewOfFile
GetFileAttributesExW
AreFileApisANSI
GetFileInformationByHandleEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
CreateFileMappingW
CreateThread
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
QueryFullProcessImageNameW
DeviceIoControl
GetLastError
Sleep
WriteFile
GetFileSize
K32GetModuleInformation
Process32FirstW
LoadLibraryA
Process32NextW
CreateToolhelp32Snapshot
GetModuleHandleA
VirtualAlloc
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcess
VirtualFree
ReadFile
CloseHandle
CreateFileW
FindFirstFileW

user32

EnumWindows
GetWindowThreadProcessId
UnhookWinEvent
MessageBoxA
SetWinEventHook

advapi32

CryptGenRandom
CreateServiceW
CloseServiceHandle
OpenSCManagerW
StartServiceW
OpenServiceW
OpenProcessToken
AddAccessAllowedAce
GetLengthSid
GetTokenInformation
InitializeAcl
IsValidSid
SetSecurityInfo
CopySid
ConvertSidToStringSidA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
QueryServiceStatusEx
CryptHashData
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptCreateHash

shell32

ShellExecuteA

msvcp140

??1_Lockit@std@@QEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Xbad_function_call@std@@YAXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?setf@ios_base@std@@QEAAHHH@Z
??7ios_base@std@@QEBA_NXZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
??Bid@locale@std@@QEAA_KXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
??0_Lockit@std@@QEAA@H@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Xout_of_range@std@@YAXPEBD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A

normaliz

IdnToAscii

wldap32

ord143
ord60
ord45
ord50
ord41
ord211
ord26
ord27
ord32
ord33
ord35
ord22
ord79
ord30
ord200
ord301
ord217
ord46

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertOpenStore
PFXImportCertStore
CertAddCertificateContextToStore
CryptDecodeObjectEx
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CryptStringToBinaryA

ws2_32

__WSAFDIsSet
select
getaddrinfo
listen
recvfrom
sendto
gethostname
ntohl
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
ioctlsocket
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
recv
freeaddrinfo
closesocket
setsockopt

shlwapi

PathFindFileNameW

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memmove
strchr
memchr
_CxxThrowException
strstr
__std_exception_copy
__std_exception_destroy
__std_terminate
__C_specific_handler
__current_exception
__current_exception_context
memset
memcmp
memcpy
strrchr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__stdio_common_vsprintf
_read
_write
_close
_open
_popen
fsetpos
_pclose
__acrt_iob_func
__stdio_common_vfprintf
fputc
fflush
fclose
fgets
fgetc
fwrite
_lseeki64
fgetpos
setvbuf
ungetc
fread
_fseeki64
ftell
_get_stream_buffer_pointers
fseek
feof
__p__commode
__stdio_common_vsscanf
fputs
fopen

api-ms-win-crt-runtime-l1-1-0

strerror
_getpid
exit
abort
system
__sys_nerr
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_beginthreadex
_invalid_parameter_noinfo
_crt_atexit
terminate
_resetstkoflw
_invalid_parameter_noinfo_noreturn
_errno
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_cexit
_exit
_initterm_e
_initterm
_seh_filter_exe
_get_initial_narrow_environment
_set_app_type

api-ms-win-crt-heap-l1-1-0

_set_new_mode
realloc
calloc
malloc
free
_callnewh

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_access
_stat64
_lock_file
_unlock_file
_unlink

api-ms-win-crt-math-l1-1-0

_dclass
__setusermatherr
_dsign

api-ms-win-crt-convert-l1-1-0

strtoull
strtoul
strtoll
atoi
strtod
strtol

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_time64
strftime
_localtime64
_gmtime64

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale
___lc_codepage_func

api-ms-win-crt-string-l1-1-0

strncmp
_strdup
tolower
strpbrk
isupper
strcmp
strncpy
strcspn
strspn

Sections

.text
Size: 475KB - Virtual size: 475KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 447KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0f11e317a62a57312cb39a94fc07aef

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

msvcp140

normaliz

wldap32

crypt32

ws2_32

shlwapi

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

Sections

.text Size: 475KB - Virtual size: 475KB

.rdata Size: 114KB - Virtual size: 114KB

.data Size: 447KB - Virtual size: 450KB

.pdata Size: 20KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 475KB - Virtual size: 475KB

.rdata
Size: 114KB - Virtual size: 114KB

.data
Size: 447KB - Virtual size: 450KB

.pdata
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1KB - Virtual size: 1KB