Static task
static1
Behavioral task
behavioral1
Sample
loader_6d234b4641888ff6e9b34d96.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
loader_6d234b4641888ff6e9b34d96.exe
Resource
win10v2004-20240802-en
General
-
Target
loader_6d234b4641888ff6e9b34d96.exe
-
Size
16.5MB
-
MD5
3f957ad9fa438149077a3bc438231e86
-
SHA1
1b94d0b61ff0353dae14262f23ca8757f4f136fe
-
SHA256
0ad465b3b8f331f98e9e26f190487dcd6e94e18986a96f8961b799ab33adc388
-
SHA512
f64278ad01ba31079a0d86b2ac34a8a1e52aef764dea05c9beabc26513c87aae91affc571975a6d4bb82ccc14a0024b4e62b22b571155b5e1a7229f269dfbb84
-
SSDEEP
393216:dcE58YUoJo7nOx1FvPk9nfvuxKAsyytpTUG/cpMommwXHNcnMbs:dcE3LJlRvPkRvPV4G/csDt
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource loader_6d234b4641888ff6e9b34d96.exe
Files
-
loader_6d234b4641888ff6e9b34d96.exe.exe windows:6 windows x64 arch:x64
a6fc2f60c4cb025bf6fedb697fcd0a10
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
d3d11
D3D11CreateDeviceAndSwapChain
d3dcompiler_43
D3DCompile
kernel32
VirtualProtect
GetVersion
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
SetCursorPos
CharUpperBuffW
advapi32
RegCloseKey
d3dx11_43
D3DX11CreateShaderResourceViewFromMemory
imm32
ImmGetContext
ntdll
RtlLookupFunctionEntry
Exports
Sections
.text Size: - Virtual size: 913KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 206KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 5.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.fptable Size: - Virtual size: 256B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.92= Size: - Virtual size: 10.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.!)C Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.~_$ Size: 16.5MB - Virtual size: 16.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ