loader[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

loader.exe
Size

1.7MB
MD5

6a7a0955f81dcd1e862027ba2154bc6a
SHA1

52d8f99e2e72b577d58e20264ea256523064a7ad
SHA256

1f27e3d18549d8550456e039a66e821f847ab0df7cad747510b408e20d8d782b
SHA512

5e94c6a49be145eab75428526481d389b2b3cb0928e560742b4eff0ea32845d19c17f5ded7747c0aa87fb04208d8e9fd98b4d9e789e586a46628e56f4ee50166
SSDEEP

24576:DhAO1VM/3yzJjaoBhbhQAwwRrUOz0w+pZ2h0lhSMXlPannzEI3NpX0mJ/xPPPrc/:DqSVMPiJjFKAwweOzl+CnnzEIXDZPPA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
loader.exe

Files

loader.exe
.exe windows:6 windows x64 arch:x64

c3df82716b462069996522d9d25d77f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\vexxy\Downloads\-mgui-loader-menu-main\-mgui-loader-menu-main\examples\example_win32_directx11\Release\loader.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_43

D3DCompile

dxgi

CreateDXGIFactory

kernel32

MapViewOfFile
UnmapViewOfFile
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetLocaleInfoA
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
GetLastError
HeapFree
GetCurrentThreadId
CreateFileMappingA
InitializeSListHead
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
GetCurrentProcessId
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
HeapAlloc
CloseHandle
GetFileSizeEx
GetSystemTimeAsFileTime
LocalFree
ReadFile
CreateFileA
TerminateProcess

user32

DestroyWindow
MessageBoxW
CreateWindowExW
GetSystemMetrics
UnregisterClassW
RegisterClassExW
ShowWindow
DispatchMessageW
GetWindowRect
SetWindowLongA
PeekMessageW
MoveWindow
SetLayeredWindowAttributes
TranslateMessage
LoadIconW
PostQuitMessage
UpdateWindow
DefWindowProcW
GetMessageExtraInfo
GetWindowLongW
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
GetKeyboardLayout
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
GetClientRect
IsWindowUnicode
ReleaseCapture
SetCursorPos
GetCursorPos
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetKeyState
GetClipboardData

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SysAllocString
VariantClear
SysFreeString

msvcp140

?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??7ios_base@std@@QEBA_NXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?uncaught_exceptions@std@@YAHXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPEBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?good@ios_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Random_device@std@@YAIXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

dwmapi

DwmExtendFrameIntoClientArea

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
memcpy
memmove
memset
memcmp
strrchr
longjmp
memchr
strstr
__C_specific_handler
__current_exception
__current_exception_context
__intrinsic_setjmp
_purecall
__std_exception_copy
__std_exception_destroy
__std_terminate

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
_exit
_invalid_parameter_noinfo_noreturn
_wassert
terminate
_register_thread_local_exe_atexit_callback
_c_exit
exit
_initterm_e
_initterm
system
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_get_narrow_winmain_command_line
_errno

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
_callnewh
_aligned_malloc
_aligned_free
free

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-stdio-l1-1-0

setvbuf
_wfopen
_set_fmode
ungetc
fgetpos
fputc
__stdio_common_vfprintf
__p__commode
_fseeki64
fsetpos
_get_stream_buffer_pointers
__acrt_iob_func
fseek
fclose
fflush
fgetc
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
fwrite
ftell

api-ms-win-crt-math-l1-1-0

sinf
sqrt
__setusermatherr
powf
fmodf
cosf
ceilf
acosf
pow
sqrtf

api-ms-win-crt-string-l1-1-0

strncmp
strncpy
strcmp

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 791KB - Virtual size: 790KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 370KB - Virtual size: 369KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 553KB - Virtual size: 560KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3df82716b462069996522d9d25d77f5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

d3dcompiler_43

dxgi

kernel32

user32

ole32

oleaut32

msvcp140

imm32

d3dx11_43

dwmapi

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 791KB - Virtual size: 790KB

.rdata Size: 370KB - Virtual size: 369KB

.data Size: 553KB - Virtual size: 560KB

.pdata Size: 37KB - Virtual size: 37KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 791KB - Virtual size: 790KB

.rdata
Size: 370KB - Virtual size: 369KB

.data
Size: 553KB - Virtual size: 560KB

.pdata
Size: 37KB - Virtual size: 37KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 4KB - Virtual size: 4KB