XaraDP_Loader[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

XaraDP_Loader.exe
Size

64KB
MD5

b36ea488c31e5029de36d2e9ed758825
SHA1

75aeb9ac553cad51563473e9508352ef126915fd
SHA256

4b53ba7ea27dcbb3db47e74f1f4d7ebd775bd5272545856daad1718beb5dcfef
SHA512

4b632fc5c023e2528d32f26e9953306aef13e703d7cdf5e89545ec3460fa19d4cd542d74e9eb58324c42c6ebb23591f0f8482bdcdea01183419c6a206a3b0561
SSDEEP

1536:sd9inScEKKIc6cHiRQf+1FedqHz9kZ13mq:s7inwKKIcxk1F6YkD3mq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
XaraDP_Loader.exe

Files

XaraDP_Loader.exe
.exe windows:5 windows x64 arch:x64

1ecf6b89fcca9155f09762161b0e68b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

shell32

SHGetPathFromIDListW

psapi

GetMappedFileNameA

ole32

CoTaskMemFree

version

VerQueryValueW

user32

LoadIconW

oleaut32

SysFreeString

advapi32

FreeSid

gdi32

SaveDC

ntdll

NtQueryInformationProcess

Exports

Exports

__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.MPRESS1
Size: 53KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE