C:\Users\yvngx\source\repos\LogicalLoader\x64\Release\LogicalLoader.pdb
Static task: static1
Behavioral task: behavioral1 (Sample: LogicalLoader.exe, Resource: win7-20240903-en)
Behavioral task: behavioral2 (Sample: LogicalLoader.exe, Resource: win10v2004-20240802-en)
General
- Target: LogicalLoader.exe
- Size: 2.6MB
- MD5: f8893bf89f25313452465c53931c131c
- SHA1: e52dd13fc2279bb4a3b1538c91aa15fb45560cb3
- SHA256: b3761fa02d69d96e691e684514c38b9ed48dc4f6b9e87983d872008435ed526d
- SHA512: aa3ce707b4b6959c42755d8585b8bdb88ec2020ce8fc8633f55484e41bcb6bb215f2c02f4d66529b7e399ec7c674341a1e91c8dd55a877f638045eafb0e4a0fd
- SSDEEP: 49152:/DsncgrPHJEsPl0OqT8X+qrQJAohxg5w6G0NEe+G:Y64t+ZuoXg
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature. Resource: LogicalLoader.exe
Files
- LogicalLoader.exe.exe windows:6 windows x64 arch:x64
89e4162fecc18a6fd14f8449f97b254a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\yvngx\source\repos\LogicalLoader\x64\Release\LogicalLoader.pdb
Imports
ws2_32
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getpeername
WSAWaitForMultipleEvents
gethostname
ioctlsocket
getsockopt
sendto
recvfrom
freeaddrinfo
getaddrinfo
recv
listen
htonl
getsockname
connect
bind
accept
select
__WSAFDIsSet
socket
htons
WSAIoctl
setsockopt
WSACleanup
WSAStartup
WSASetLastError
ntohs
WSAGetLastError
closesocket
crypt32
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CryptStringToBinaryA
CertGetNameStringA
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
PFXImportCertStore
wldap32
ord60
ord46
ord217
ord50
ord41
ord45
ord211
ord79
ord22
ord301
ord200
ord30
ord143
ord35
ord33
ord32
ord27
ord26
normaliz
IdnToAscii
wintrust
WinVerifyTrustEx
d3d9
Direct3DCreate9
kernel32
HeapFree
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
DeleteFileW
WaitForSingleObject
FlushFileBuffers
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
WriteFile
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
UnhandledExceptionFilter
RtlVirtualUnwind
TlsAlloc
InitializeCriticalSectionAndSpinCount
RaiseException
RtlPcToFileHeader
GetModuleHandleW
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetModuleHandleA
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
VerSetConditionMask
FreeLibrary
QueryPerformanceCounter
GetCurrentProcess
GetModuleFileNameW
K32GetModuleFileNameExW
OpenProcess
CreateToolhelp32Snapshot
GetLastError
Process32NextW
CreateProcessW
CloseHandle
K32EnumProcessModules
IsWow64Process
WriteProcessMemory
RtlAddFunctionTable
Sleep
VirtualProtectEx
VirtualAllocEx
ReadProcessMemory
CreateRemoteThread
VirtualFreeEx
GetExitCodeProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetSystemDirectoryA
SetLastError
FormatMessageW
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetCurrentProcessId
SleepEx
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetCPInfo
GetStringTypeW
WakeAllConditionVariable
LCMapStringEx
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
GetCurrentThreadId
SleepConditionVariableSRW
TryAcquireSRWLockExclusive
GetLocaleInfoEx
FormatMessageA
LocalFree
HeapReAlloc
SetStdHandle
SetEndOfFile
HeapSize
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetFileInformationByHandleEx
GetProcessHeap
WriteConsoleW
Process32FirstW
RtlUnwind
InterlockedPushEntrySList
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
AreFileApisANSI
SetUnhandledExceptionFilter
user32
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
IsWindowUnicode
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
DefWindowProcW
GetWindowRect
DestroyWindow
SetWindowPos
CreateWindowExW
UnregisterClassW
RegisterClassExW
ShowWindow
DispatchMessageW
PeekMessageW
TranslateMessage
GetClientRect
PostQuitMessage
UpdateWindow
GetMessageExtraInfo
GetKeyState
FindWindowW
CloseClipboard
advapi32
CryptImportKey
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptEncrypt
CryptAcquireContextA
CryptDestroyKey
CryptDestroyHash
shell32
ShellExecuteA
imm32
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
bcrypt
BCryptGenRandom
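The "Unsigned PE" signature, the DLL characteristics under Headers and the import list above can all be checked mechanically from the file. The following Python is an added example written for this page, not sandbox output and not code from the sample: it reads the certificate table (data directory 4 of the optional header) to decide whether a PE carries an Authenticode signature, decodes the DllCharacteristics flags, and applies a simple capability heuristic to the import table. The kernel32 set OpenProcess / VirtualAllocEx / WriteProcessMemory / CreateRemoteThread that appears above is the classic remote-thread injection primitive, which is why an analyst would flag it for manual review. The PE header bytes and the import dictionary are constructed inline from the report's values; the capability tags and rule sets are this example's own, not a Triage signature.

```python
"""Static-triage helpers for a PE like the one in this report (added example,
not part of the sandbox output): check the Authenticode certificate table,
decode DllCharacteristics, and infer capabilities from the import table."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # certificate table (file offset, not RVA)
DLL_CHARACTERISTICS = {                      # subset relevant to this report
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}


def _optional_header(pe: bytes):
    """Return (opt_offset, dirs_offset, num_dirs) for a PE32 or PE32+ image."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt = e_lfanew + 4 + 20                    # IMAGE_FILE_HEADER is 20 bytes
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:                         # PE32: NumberOfRvaAndSizes at +92
        n_off, dirs = opt + 92, opt + 96
    elif magic == 0x20B:                       # PE32+: NumberOfRvaAndSizes at +108
        n_off, dirs = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    return opt, dirs, struct.unpack_from("<I", pe, n_off)[0]


def authenticode_table(pe: bytes):
    """(offset, size) of the WIN_CERTIFICATE table, or None when the PE is unsigned.
    An absent table is what an "Unsigned PE" check keys on; a present table still
    needs WinVerifyTrust to confirm the signature actually validates."""
    _, dirs, n = _optional_header(pe)
    if n <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None
    off, size = struct.unpack_from("<II", pe, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return (off, size) if off and size else None


def dll_characteristics(pe: bytes) -> list:
    """Decode DllCharacteristics (offset 70 of the optional header in both formats)."""
    opt, _, _ = _optional_header(pe)
    flags = struct.unpack_from("<H", pe, opt + 70)[0]
    return [name for bit, name in sorted(DLL_CHARACTERISTICS.items()) if flags & bit]


CAPABILITY_RULES = {   # example rules: a tag fires only when every API in the set is imported
    "remote-thread-injection": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
    "process-enumeration": {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"},
    "winsock-networking": {"WSAStartup", "socket", "connect", "send", "recv"},
    "certificate-handling": {"CertOpenStore", "CertGetCertificateChain", "PFXImportCertStore"},
    "capi-encryption": {"CryptAcquireContextA", "CryptImportKey", "CryptEncrypt"},
}


def infer_capabilities(imports: dict) -> dict:
    """Map {dll: [api, ...]} to the capability tags whose full API set is present."""
    names = {api for apis in imports.values() for api in apis}
    return {tag: sorted(apis) for tag, apis in CAPABILITY_RULES.items() if apis <= names}


def build_pe32plus(cert=(0, 0), dllchars=0x8160) -> bytes:
    """Constructed test input: DOS header + PE32+ headers, 16 data directories, no sections.
    dllchars=0x8160 is the flag combination listed in the report's Headers."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew
    opt = bytearray(112 + 16 * 8)
    struct.pack_into("<H", opt, 0, 0x20B)                         # PE32+ magic
    struct.pack_into("<H", opt, 70, dllchars)                     # DllCharacteristics
    struct.pack_into("<I", opt, 108, 16)                          # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *cert)
    # Machine=AMD64, 0 sections, SizeOfOptionalHeader, EXECUTABLE_IMAGE|LARGE_ADDRESS_AWARE
    file_hdr = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, len(opt), 0x0022)
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt)


# Constructed subset of the import list shown in this report.
REPORT_IMPORTS = {
    "kernel32": ["OpenProcess", "CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW",
                 "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "IsDebuggerPresent"],
    "ws2_32": ["WSAStartup", "socket", "connect", "send", "recv"],
    "crypt32": ["CertOpenStore", "CertGetCertificateChain", "PFXImportCertStore"],
    "advapi32": ["CryptAcquireContextA", "CryptImportKey", "CryptEncrypt"],
}

if __name__ == "__main__":
    unsigned = build_pe32plus()
    print("authenticode:", authenticode_table(unsigned))
    print("dllchars:", dll_characteristics(unsigned))
    print("capabilities:", infer_capabilities(REPORT_IMPORTS))
```

Two caveats a practitioner should keep in mind: an absent certificate table only says the file is unsigned, while a present one says nothing until WinVerifyTrust (which the sample itself imports as WinVerifyTrustEx) validates the chain; and an import-table match is a prompt for review, not a verdict, since the same injection and networking APIs appear in legitimate tooling. The behavioral tasks listed at the top of the report are what would confirm whether those capabilities are exercised.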
Sections
.text Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 353KB - Virtual size: 353KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 215KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 187KB - Virtual size: 186KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ