ldr_kNx9sf[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ldr_kNx9sf.exe
Size

15.5MB
MD5

553fecac1e9b5c62dd18bbed6b9f9385
SHA1

274eefffcacbe1344210a5a53ab433d3946ff9f4
SHA256

780147aaca8ed34c3f14914be968447a697a5dd4eefa2b15fc9d5baa8bc1bce7
SHA512

1810637949e9136baf5a4bb42158590f4b89ac7993b74b6de73db6c37017565e3f5048fa707fce5e33c0f448437971dd103aa4b3ad9959b489546bcfc2dc1606
SSDEEP

393216:QRfP/yjfXriJzRftmsGGIXWu1MFDSBx12qDDmseFba3mbpacUYNF:Qlqm3ftTGhj+DSBDDD96e3mbwc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ldr_kNx9sf.exe

Files

ldr_kNx9sf.exe
.exe windows:6 windows x64 arch:x64

cc28f9a673445da41ed3c0fab42982d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

PathFileExistsW

iphlpapi

GetIpForwardTable

gdiplus

GdipCreateBitmapFromHBITMAP

kernel32

GetVersion
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

GetWindowThreadProcessId

gdi32

DeleteDC

advapi32

RegSetValueExW

shell32

SHGetFolderPathW

ole32

GetHGlobalFromStream

ntdll

RtlVirtualUnwind

ws2_32

select

dbghelp

SymLoadModuleExW

crypt32

CertOpenStore

bcrypt

BCryptGenRandom

Sections

.text
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 443KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.b<#
Size: - Virtual size: 9.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.?R.
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.na'
Size: 15.5MB - Virtual size: 15.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc28f9a673445da41ed3c0fab42982d0

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

iphlpapi

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

ntdll

ws2_32

dbghelp

crypt32

bcrypt

Sections

.text Size: - Virtual size: 1.0MB

.rdata Size: - Virtual size: 443KB

.data Size: - Virtual size: 62KB

.pdata Size: - Virtual size: 48KB

_RDATA Size: - Virtual size: 500B

.b<# Size: - Virtual size: 9.5MB

.?R. Size: 4KB - Virtual size: 4KB

.na' Size: 15.5MB - Virtual size: 15.5MB

.reloc Size: 512B - Virtual size: 64B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 1.0MB

.rdata
Size: - Virtual size: 443KB

.data
Size: - Virtual size: 62KB

.pdata
Size: - Virtual size: 48KB

_RDATA
Size: - Virtual size: 500B

.b<#
Size: - Virtual size: 9.5MB

.?R.
Size: 4KB - Virtual size: 4KB

.na'
Size: 15.5MB - Virtual size: 15.5MB

.reloc
Size: 512B - Virtual size: 64B

.rsrc
Size: 512B - Virtual size: 480B