GoatLoader [.]exe

Sharing

Copy URL Twitter E-mail

General

Target

GoatLoader .exe
Size

18.8MB
MD5

02fccf72be2995bf6e85bc8ba5b737c7
SHA1

a90a2ab1f8dd4203322f26468256fbc4abbad764
SHA256

ea78552dd9106fd6842dff14a68bde08c44590042f1d65fe945d0d3fcef49085
SHA512

6a5721d293812107ec226a101e20b0fb3770a4179349e66577b57cbf9dc89e12f4444a05e7f00207a2d45331d0d67970d18d332a1bc90478fca576fac0dbcafa
SSDEEP

393216:r/PPOtvx5D02huIDD0PCd1DKREcsUadfkuwnvbvdPRQ/:rgXGI1DEEjxdfkuAZ+/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
GoatLoader .exe

Files

GoatLoader .exe
.exe windows:6 windows x64 arch:x64

309c4ef30443349f977fc3d5670473c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetLastError

user32

SetWindowTextA

gdi32

CreateCompatibleDC

shell32

ShellExecuteA

msvcp140

?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ

urlmon

URLDownloadToFileA

psapi

GetModuleInformation

version

GetFileVersionInfoA

ntdll

RtlCaptureContext

gdiplus

GdiplusStartup

normaliz

IdnToAscii

wldap32

ord33

crypt32

CertCloseStore

ws2_32

WSAGetLastError

shlwapi

PathFindFileNameW

rpcrt4

UuidToStringA

userenv

UnloadUserProfile

vcruntime140

strstr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn

api-ms-win-crt-string-l1-1-0

strpbrk

api-ms-win-crt-math-l1-1-0

ceilf

api-ms-win-crt-stdio-l1-1-0

_set_fmode

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-convert-l1-1-0

strtoll

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-time-l1-1-0

_localtime64

api-ms-win-crt-utility-l1-1-0

qsort

advapi32

CryptAcquireContextA

Sections

.text
Size: - Virtual size: 625KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sb<
Size: - Virtual size: 12.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.YSG
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.r*E
Size: 18.8MB - Virtual size: 18.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

309c4ef30443349f977fc3d5670473c7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

msvcp140

urlmon

psapi

version

ntdll

gdiplus

normaliz

wldap32

crypt32

ws2_32

shlwapi

rpcrt4

userenv

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

advapi32

Sections

.text Size: - Virtual size: 625KB

.rdata Size: - Virtual size: 191KB

.data Size: - Virtual size: 6KB

.pdata Size: - Virtual size: 23KB

.sb< Size: - Virtual size: 12.8MB

.YSG Size: 1024B - Virtual size: 552B

.r*E Size: 18.8MB - Virtual size: 18.8MB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 260B

.text
Size: - Virtual size: 625KB

.rdata
Size: - Virtual size: 191KB

.data
Size: - Virtual size: 6KB

.pdata
Size: - Virtual size: 23KB

.sb<
Size: - Virtual size: 12.8MB

.YSG
Size: 1024B - Virtual size: 552B

.r*E
Size: 18.8MB - Virtual size: 18.8MB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 260B