23LOADER[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

23LOADER.exe
Size

6.9MB
MD5

1956f886760d07a351cc8e557b76854a
SHA1

a0fc3fcf7a4038f169ab9eb1559ada9a869c4173
SHA256

8a240a6a7e8768248e0f2aacca34db7f884d1c6f0264861366ba3a45053f3c26
SHA512

fbeb8d31606ced9c5fd1cb7203e735030dbf7cbe9fe0a8f487015cc62dd5a5e233d1c099704f8c3e1cebbb354b259c8e17d6ae6ddf61427a07faca37474dad9d
SSDEEP

98304:iSGGzYCwD5n8oKsCjIDXfuJ8l1uQA8vnNTy8Vf:iSGGrwZosCjIDPkauAvJyOf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23LOADER.exe

Files

23LOADER.exe
.exe windows:6 windows x64 arch:x64

b09035e2a812b9fa51c7796e38f29c82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\PC\Desktop\Programing\Project C++\23SHOP\LOADER MENU\autumn - menu 2\imgui-features-shadows\examples\example_win32_directx11\Release\Directx11.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_43

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

kernel32

GetCurrentDirectoryA
GetTimeZoneInformation
SystemTimeToFileTime
FileTimeToSystemTime
GetLocalTime
GetSystemTime
CompareFileTime
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateFileW
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentDirectoryW
WakeAllConditionVariable
DeleteCriticalSection
ReleaseSRWLockExclusive
GetFileSizeEx
CreateFileA
FormatMessageA
SetLastError
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
DeleteFileW
ExitProcess
GetComputerNameA
CreateThread
GetTickCount
WritePrivateProfileStringA
SleepConditionVariableSRW
CreateDirectoryW
AllocConsole
GetPrivateProfileStringA
CreateProcessA
RtlVirtualUnwind
GetConsoleWindow
CloseHandle
DeleteFileA
GetLastError
GetTempPathA
Sleep
SetFileAttributesW
OpenProcess
GetFileAttributesW
InitializeCriticalSectionEx
LeaveCriticalSection
TerminateProcess
SetConsoleTitleA
EnterCriticalSection
QueryPerformanceCounter
MoveFileW
FreeLibrary
VerSetConditionMask
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GetModuleHandleA
CreateSemaphoreA
WaitForSingleObject
ReleaseSemaphore
GetVersionExA
LoadLibraryW
WriteFile
SetEndOfFile
GetFileSize
InitializeCriticalSection
GetOEMCP
GetACP
GetComputerNameW
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
GetFullPathNameW
SetFilePointer
SetFileAttributesA
AcquireSRWLockExclusive

user32

MessageBoxW
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
IsWindowUnicode
GetClientRect
SetCursor
SetCapture
GetForegroundWindow
TrackMouseEvent
ClientToScreen
GetCapture
ScreenToClient
LoadCursorA
GetMessageExtraInfo
GetKeyState
UpdateWindow
RegisterClassExA
PostQuitMessage
UnregisterClassA
PeekMessageA
LoadIconA
wsprintfW
TranslateMessage
SetLayeredWindowAttributes
CreateWindowExA
DefWindowProcA
MoveWindow
MessageBoxA
GetWindowLongA
SetWindowLongA
DestroyIcon
ShowWindow
GetSystemMetrics
GetWindowThreadProcessId
DestroyWindow
DispatchMessageA
GetWindowRect

advapi32

CryptSignHashA
GetCurrentHwProfileW
CryptExportKey
CryptGetUserKey
CryptGetProvParam
RegQueryValueExA
RegCloseKey
RegOpenKeyExW
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
RegOpenKeyExA
CryptSetHashParam

shell32

ShellExecuteA
Shell_NotifyIconA

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

msvcp140

??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?good@ios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getname@_Locinfo@std@@QEBAPEBDXZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@HPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
_Cnd_init_in_situ
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
_Cnd_destroy_in_situ
_Thrd_detach
_Query_perf_counter
_Cnd_do_broadcast_at_thread_exit
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Random_device@std@@YAIXZ
?id@?$ctype@D@std@@2V0locale@2@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@_N@Z
?_Makeloc@_Locimp@locale@std@@CAPEAV123@AEBV_Locinfo@3@HPEAV123@PEBV23@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xruntime_error@std@@YAXPEBD@Z

d3dx11_43

D3DX11CreateShaderResourceViewFromFileW
D3DX11CreateShaderResourceViewFromMemory

shlwapi

PathAppendA

urlmon

URLDownloadToFileA

vcruntime140_1

__CxxFrameHandler4

vcruntime140

strrchr
__C_specific_handler
__std_exception_destroy
memchr
memcpy
memset
memmove
memcmp
strchr
__current_exception
__current_exception_context
_CxxThrowException
wcsstr
strstr
__std_terminate
__std_exception_copy

api-ms-win-crt-stdio-l1-1-0

__p__commode
ftell
_read
_write
_close
_open
__acrt_iob_func
fflush
fclose
fseek
__stdio_common_vfprintf
fwrite
fopen_s
_wfopen
fread
__stdio_common_vsscanf
_set_fmode
_chsize_s
_lseeki64
freopen
fputc
fgets
fopen
_filelength
feof
_filelengthi64
fputs
_fileno
_fseeki64
__stdio_common_vsprintf
_telli64
ferror

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

_strdup
isupper
islower
strncpy_s
strpbrk
_stricmp
strncpy
strcmp
tolower
_strnicmp
isalnum
strcspn
strncmp
toupper
strspn
towlower
towupper

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
_set_new_mode
malloc
free
calloc

api-ms-win-crt-convert-l1-1-0

strtoul
strtol
atoi
_atoi64
strtoll

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
exit
_beginthreadex
system
terminate
_errno
strerror
_getpid
__sys_nerr
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_get_narrow_winmain_command_line
_initterm
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
_exit

api-ms-win-crt-time-l1-1-0

_gmtime64
_tzset
_localtime64_s
_difftime64
_mktime64
_time64

api-ms-win-crt-filesystem-l1-1-0

_access
_stat64
_fstat64
_unlink

api-ms-win-crt-math-l1-1-0

acosf
__setusermatherr
sqrtf
cosf
floorf
fmodf
powf
sinf
ceilf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

ws2_32

inet_addr
gethostbyname
ntohl
gethostname
sendto
recvfrom
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
ntohs
WSACleanup
WSAStartup
WSAIoctl
socket
htons
setsockopt
shutdown
inet_ntoa
closesocket
recv
send
WSAGetLastError
WSASetLastError
bind
connect
getpeername
getsockname
getsockopt

wldap32

ord301
ord79
ord27
ord30
ord26
ord22
ord41
ord35
ord33
ord200
ord50
ord45
ord60
ord211
ord46
ord217
ord143
ord32

crypt32

CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertGetNameStringA
CryptQueryObject
CertOpenStore
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFindExtension
CertFreeCertificateChain
CertCloseStore

normaliz

IdnToAscii

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 666KB - Virtual size: 682KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vlizer
Size: 2.1MB - Virtual size: 7.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b09035e2a812b9fa51c7796e38f29c82

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

d3dcompiler_43

dwmapi

kernel32

user32

advapi32

shell32

imm32

msvcp140

d3dx11_43

shlwapi

urlmon

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

ws2_32

wldap32

crypt32

normaliz

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 666KB - Virtual size: 682KB

.pdata Size: 80KB - Virtual size: 80KB

.rsrc Size: 262KB - Virtual size: 261KB

.reloc Size: 7KB - Virtual size: 7KB

.vlizer Size: 2.1MB - Virtual size: 7.8MB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 666KB - Virtual size: 682KB

.pdata
Size: 80KB - Virtual size: 80KB

.rsrc
Size: 262KB - Virtual size: 261KB

.reloc
Size: 7KB - Virtual size: 7KB

.vlizer
Size: 2.1MB - Virtual size: 7.8MB