LoaderRover[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

LoaderRover.exe
Size

19.2MB
MD5

15866c6913e118e782c424b43ce0f86a
SHA1

1134c0b70ba61e4f010fc249d0b6f5391d74740f
SHA256

35ccbbd5b46bae81dd7c03199c4e31e2eddb776e5f71b40e1b7589d01aec1c44
SHA512

1fe9dc3b2e3bb4e3af4793266ab38bce2a5dc15478e3d16d04ead423dd6849d03afc957c934bcbf03b03983619e5c43da4f423fb679b1da32f62eccfdba9c84f
SSDEEP

393216:mx0JbQi3Rcc4JrF2KgjzscXzGJjzI/r3yVgRHjpcSw69qVUMKhgNF9klxAs5Z:TJci3Rn4X2KgjzxqJjzO6/wg+hgN/s5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
LoaderRover.exe

Files

LoaderRover.exe
.exe windows:6 windows x64 arch:x64

888516d47110724b17ba3bd971d7caec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Administrator\Desktop\RoverCheats\RoverLoader\examples\example_win32_directx11\Release\LoaderRover.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_43

D3DCompile

kernel32

WaitForMultipleObjects
CreateFileA
GetFileSizeEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
PeekNamedPipe
RtlLookupFunctionEntry
RtlVirtualUnwind
MoveFileExA
VerifyVersionInfoA
GetSystemDirectoryA
SleepEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ReadFile
GetFileType
GetStdHandle
GetEnvironmentVariableA
RtlCaptureContext
TerminateProcess
IsProcessorFeaturePresent
GetLastError
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetLocaleInfoEx
GetCurrentDirectoryW
LeaveCriticalSection
FindClose
FindFirstFileW
GetFileAttributesExW
GetModuleFileNameA
AreFileApisANSI
GetFileInformationByHandleEx
OutputDebugStringW
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentProcess
CreateThread
VirtualProtect
CreateFileMappingW
AllocConsole
GetTickCount
CloseHandle
WaitForSingleObjectEx
EnterCriticalSection
LocalFree
FormatMessageA
SetLastError
QueryFullProcessImageNameW
GetModuleHandleW
CreateDirectoryW
GetModuleFileNameW
CreateFileW
UnmapViewOfFile
Sleep
QueryPerformanceCounter
FreeLibrary
VerSetConditionMask
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GetModuleHandleA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
MapViewOfFile
IsDebuggerPresent

user32

CreateWindowExW
GetSystemMetrics
UnregisterClassW
RegisterClassExW
ShowWindow
DispatchMessageW
SetWindowLongA
GetCursorPos
OpenClipboard
PeekMessageW
MoveWindow
SetLayeredWindowAttributes
TranslateMessage
DestroyWindow
CloseClipboard
GetWindowLongW
LoadIconW
PostQuitMessage
FindWindowA
UpdateWindow
GetKeyState
GetClientRect
ReleaseCapture
ScreenToClient
GetCapture
ClientToScreen
IsWindowUnicode
TrackMouseEvent
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
DefWindowProcW
SetCursorPos
GetWindowRect
GetClipboardData
MessageBoxA
SetClipboardData
EmptyClipboard

shell32

ShellExecuteA

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext

msvcp140

?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?width@ios_base@std@@QEAA_J_J@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Xbad_function_call@std@@YAXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?width@ios_base@std@@QEBA_JXZ
?setf@ios_base@std@@QEAAHHH@Z
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

dwmapi

DwmExtendFrameIntoClientArea

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

urlmon

URLDownloadToFileA

normaliz

IdnToAscii

wldap32

ord301
ord60
ord45
ord211
ord50
ord46
ord41
ord200
ord217
ord30
ord143
ord33
ord22
ord79
ord27
ord32
ord26
ord35

crypt32

CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertGetCertificateChain
CertFreeCertificateChain

ws2_32

freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
gethostname
recvfrom
listen
htonl
accept
WSACleanup
ntohl
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
recv
closesocket
sendto

shlwapi

PathFindFileNameW

rpcrt4

UuidToStringA
RpcStringFreeA
UuidCreate

psapi

GetModuleInformation

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
__std_terminate
strstr
__std_exception_destroy
__std_exception_copy
_CxxThrowException
memchr
memcmp
memcpy
__C_specific_handler
__current_exception_context
__current_exception
memmove
strchr
strrchr

api-ms-win-crt-stdio-l1-1-0

ftell
__acrt_iob_func
fflush
__p__commode
_lseeki64
fclose
fseek
__stdio_common_vfprintf
fwrite
_wfopen
feof
fputs
fopen
__stdio_common_vsprintf
_read
_write
_close
_open
fread
__stdio_common_vsscanf
_set_fmode
ungetc
setvbuf
_popen
_pclose
_fseeki64
fsetpos
fputc
fgets
fgetpos
fgetc
_get_stream_buffer_pointers

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

isupper
strspn
strcspn
strncmp
strcmp
_strdup
strncpy
strpbrk
tolower

api-ms-win-crt-heap-l1-1-0

free
malloc
calloc
_set_new_mode
_callnewh
realloc

api-ms-win-crt-runtime-l1-1-0

_wassert
_invalid_parameter_noinfo_noreturn
exit
system
_errno
abort
strerror
__sys_nerr
_beginthreadex
_getpid
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
terminate
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-convert-l1-1-0

strtoul
atoi
strtoull
strtoll
strtol
strtod

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-filesystem-l1-1-0

_stat64
_lock_file
_fstat64
_unlink
_unlock_file
_access

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64
strftime
_localtime64

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale
localeconv

api-ms-win-crt-math-l1-1-0

_dclass
__setusermatherr
sqrtf
roundf
powf
cosf
ceilf
sinf
acosf

advapi32

OpenProcessToken
CryptEncrypt
CryptImportKey
CryptDestroyKey
AddAccessAllowedAce
GetLengthSid
GetTokenInformation
InitializeAcl
IsValidSid
SetSecurityInfo
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptDestroyHash
CryptHashData

Sections

.text
Size: 705KB - Virtual size: 705KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18.2MB - Virtual size: 18.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

888516d47110724b17ba3bd971d7caec

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

d3dcompiler_43

kernel32

user32

shell32

imm32

msvcp140

dwmapi

d3dx11_43

urlmon

normaliz

wldap32

crypt32

ws2_32

shlwapi

rpcrt4

psapi

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

advapi32

Sections

.text Size: 705KB - Virtual size: 705KB

.rdata Size: 178KB - Virtual size: 177KB

.data Size: 18.2MB - Virtual size: 18.2MB

.pdata Size: 29KB - Virtual size: 29KB

.rsrc Size: 101KB - Virtual size: 101KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 705KB - Virtual size: 705KB

.rdata
Size: 178KB - Virtual size: 177KB

.data
Size: 18.2MB - Virtual size: 18.2MB

.pdata
Size: 29KB - Virtual size: 29KB

.rsrc
Size: 101KB - Virtual size: 101KB

.reloc
Size: 2KB - Virtual size: 1KB