loader[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

loader.exe
Size

22.3MB
MD5

d5bd426db19f51240da4d622e3e63d8c
SHA1

dded68d07afc74c2f75e2db3665b418932c742e5
SHA256

cea1e489a3cba964e35bca64d8da4315c23b5813e6669b44197821b52565a397
SHA512

c8c3fc9e899718e1af064572a7b16f7eb7540ee17ba8b319fb1b1ea81c91d744846d544d51c3b666536fc6bb33f8c2ad63a4daeee4b601e02fde87dab3c17f9a
SSDEEP

393216:gaLr9tmADTWC8joIHTG+5ke70LlhAeg0qa2QWCBWFopn37+oQ0Jh8:P9hDyCZIHTG+5gL5HWUW6p37+Yj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
loader.exe

Files

loader.exe
.exe windows:6 windows x64 arch:x64

c1c3f21c80d4d26e961bc9737d9c5845

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

wsprintfA

advapi32

RegQueryValueExA

msvcp140

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z

wininet

InternetReadFile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-runtime-l1-1-0

__p___argv

api-ms-win-crt-heap-l1-1-0

_callnewh

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-convert-l1-1-0

strtod

api-ms-win-crt-conio-l1-1-0

_getch

api-ms-win-crt-time-l1-1-0

_localtime64

api-ms-win-crt-multibyte-l1-1-0

_mbsstr

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: - Virtual size: 353KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.<1f
Size: - Virtual size: 17.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.!$<
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.;ag
Size: 22.3MB - Virtual size: 22.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1c3f21c80d4d26e961bc9737d9c5845

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp140

wininet

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: - Virtual size: 353KB

.rdata Size: - Virtual size: 60KB

.data Size: - Virtual size: 4KB

.pdata Size: - Virtual size: 6KB

.<1f Size: - Virtual size: 17.6MB

.!$< Size: 3KB - Virtual size: 3KB

.;ag Size: 22.3MB - Virtual size: 22.3MB

.reloc Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 353KB

.rdata
Size: - Virtual size: 60KB

.data
Size: - Virtual size: 4KB

.pdata
Size: - Virtual size: 6KB

.<1f
Size: - Virtual size: 17.6MB

.!$<
Size: 3KB - Virtual size: 3KB

.;ag
Size: 22.3MB - Virtual size: 22.3MB

.reloc
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 480B