loader-3[.]0[.]0[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

loader-3.0.0.zip
Size

5.1MB
MD5

ed6e9c1bdc966f2484cbf4c36f905a4e
SHA1

0781cc5b845642703b4bb6e1184ff949e8dc7e0c
SHA256

6ddd5fa84793dbb9147ced83f5037bae1417385d026a43fd267e9121a0ce78f8
SHA512

a6cef34c864d7c1f1974c409f4c0b47e98f537bc9ae436ddda717d4a28ade243009d70d49f364e63c5aec66f62bfd0132d4b911d1752ce32dd1e302c759e2179
SSDEEP

98304:utfxCN7AKAtdkcaP773135BKk93u8t4StlewOgEvNd42ColbJam/WR8Wwo6mOJX:qfxCNMZCjP7J3DKk99RcI2C+lamuRXwF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/loader-3.0.0/loader.exe

Files

loader-3.0.0.zip
.zip

Password: lick
loader-3.0.0/loader.exe
.exe windows:6 windows x64 arch:x64

Password: lick

46de1d52a4a93387a28758403d275160

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

ntohl

crypt32

CertFreeCertificateChain

wldap32

ord143

kernel32

LocalFree
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

normaliz

IdnToAscii

advapi32

CryptReleaseContext

msvcp140

??Bid@locale@std@@QEAA_KXZ

wininet

InternetOpenA

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception

api-ms-win-crt-runtime-l1-1-0

_c_exit

api-ms-win-crt-stdio-l1-1-0

fgetc

api-ms-win-crt-heap-l1-1-0

_callnewh

api-ms-win-crt-math-l1-1-0

_dsign

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-filesystem-l1-1-0

_fstat64

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-time-l1-1-0

_localtime64

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-utility-l1-1-0

qsort

wtsapi32

WTSSendMessageW

user32

GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 436KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nuhuh0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nuhuh1
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: lick

Password: lick

46de1d52a4a93387a28758403d275160

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

wldap32

kernel32

normaliz

advapi32

msvcp140

wininet

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

wtsapi32

user32

Sections

.text Size: - Virtual size: 436KB

.rdata Size: - Virtual size: 106KB

.data Size: - Virtual size: 4KB

.pdata Size: - Virtual size: 18KB

.nuhuh0 Size: - Virtual size: 3.4MB

.nuhuh1 Size: 5.5MB - Virtual size: 5.5MB

.reloc Size: 512B - Virtual size: 236B

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 436KB

.rdata
Size: - Virtual size: 106KB

.data
Size: - Virtual size: 4KB

.pdata
Size: - Virtual size: 18KB

.nuhuh0
Size: - Virtual size: 3.4MB

.nuhuh1
Size: 5.5MB - Virtual size: 5.5MB

.reloc
Size: 512B - Virtual size: 236B

.rsrc
Size: 512B - Virtual size: 469B