2024-09-27_4a05d5a0ee0fd81aea9b8db58dda9e5f_powerloader_vabushky | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-27_4a05d5a0ee0fd81aea9b8db58dda9e5f_powerloader_vabushky
Size

54KB
MD5

4a05d5a0ee0fd81aea9b8db58dda9e5f
SHA1

1ed7462e8f642b4b2f510f08e355559bfdca066f
SHA256

5adb6c28b9edbf256b1a448ee89984889d9260fb6d75e50b835d49090874218d
SHA512

47006ecc97769c665c707324027ed85d5545ccec2e7d5df4e8ad56618ba4fbbf997a1a501658f420bcd64bf924329d512471d829e1a514b555003b6c387c2289
SSDEEP

768:iGAwi3kNYsGVnyM69cgFeyat3zBGwvnZXUk+EjeOScG3u/fClJM43FrGIgaEPC:iGco36pxZUk+OeOSc/Mn3FrGI1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-27_4a05d5a0ee0fd81aea9b8db58dda9e5f_powerloader_vabushky

Files

2024-09-27_4a05d5a0ee0fd81aea9b8db58dda9e5f_powerloader_vabushky
.exe windows:5 windows x64 arch:x64

27866758e2384000aa4db66838a6893d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

ntdll

strcat

shlwapi

StrStrIA

wininet

InternetOpenA

imagehlp

CheckSumMappedFile

version

VerQueryValueA

user32

GetDC

gdi32

EndPath

advapi32

RegOpenKeyA

Exports

Exports

Inject64End
Inject64Normal
Inject64Start
UacInject64End
UacInject64Start

Sections

.MPRESS1
Size: 50KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE