Loader[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Loader.exe
Size

3.9MB
MD5

c444d6076dadf1ee25ae9e516f6b4a81
SHA1

7e8de5aa32ffe9d156aa596808c1ceb66f90657c
SHA256

ca989d3387bd4b6dab79911c64563cf927556eab32fb7fe830921b2104cc73bc
SHA512

72c3c72ccb2dd0bb12859fc08a719f5912f1ad24ecc01bcb201dd774867c0a187e5fe003368276c0be0685df38be08e3b3df1e4b65edfcac76f65dbd9b2b26ff
SSDEEP

49152:1+G4WQFhkVDXdzRqnQZUcQdasS+8MGfUycoa:5fU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Loader.exe

Files

Loader.exe
.exe windows:6 windows x64 arch:x64

Password: infected

8ebe2d5d0fe3522139c8159a4e780498

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\ashle\OneDrive\Desktop\um new (1)\x64\Debug\kzk drv.pdb

Imports

kernel32

WideCharToMultiByte
GetConsoleScreenBufferInfo
SetConsoleScreenBufferSize
SetConsoleTextAttribute
SetConsoleWindowInfo
SetConsoleTitleA
GetConsoleWindow
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
VerSetConditionMask
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
VirtualQuery
CreateThread
WritePrivateProfileStringA
HeapAlloc
GetLastError
GetModuleHandleW
GetStartupInfoW
WakeAllConditionVariable
RaiseException
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount64
GetCurrentThreadId
SleepConditionVariableSRW
TryAcquireSRWLockShared
TryAcquireSRWLockExclusive
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
ExitProcess
GetCurrentProcess
MultiByteToWideChar
GetPrivateProfileStringA
GetPrivateProfileIntA
HeapFree
lstrcmpiW
InitializeSListHead
Sleep
DeviceIoControl
CloseHandle
Beep
CreateFileW
GetProcessHeap
GetStdHandle

user32

LoadCursorW
SetProcessDPIAware
MonitorFromWindow
TranslateMessage
ScreenToClient
ClientToScreen
SetCursor
SetCursorPos
GetClientRect
ReleaseDC
GetDC
DispatchMessageW
PeekMessageA
DestroyWindow
ShowWindow
SetLayeredWindowAttributes
SetWindowPos
GetAsyncKeyState
mouse_event
GetSystemMetrics
UpdateWindow
MessageBoxA
MessageBoxW
GetCursorPos
SetWindowLongA
FindWindowA
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
TrackMouseEvent
GetKeyState
GetCapture
SetCapture
ReleaseCapture
GetForegroundWindow

gdi32

CreateRectRgn
DeleteObject
GetDeviceCaps

advapi32

OpenProcessToken
GetTokenInformation

d3d11

D3D11CreateDeviceAndSwapChain

msvcp140d

?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exceptions@std@@YAHXZ
_Query_perf_counter
_Query_perf_frequency
_Thrd_detach
_Mtx_lock
_Mtx_unlock
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
_Mbrtowc
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getdays@_Locinfo@std@@QEBAPEBDXZ
?_Getmonths@_Locinfo@std@@QEBAPEBDXZ
?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
??Bios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Random_device@std@@YAIXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ

imm32

ImmGetContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmReleaseContext

d3dcompiler_43

D3DCompile

dwmapi

DwmEnableBlurBehindWindow
DwmGetColorizationColor
DwmIsCompositionEnabled
DwmExtendFrameIntoClientArea

vcruntime140d

memchr
__vcrt_GetModuleHandleW
__vcrt_GetModuleFileNameW
__std_type_info_destroy_list
memcpy
memmove
memset
strstr
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__vcrt_LoadLibraryExW
memcmp
__C_specific_handler_noexcept
strchr
__C_specific_handler
__current_exception
__current_exception_context

vcruntime140_1d

__CxxFrameHandler4

ucrtbased

fflush
fread
fseek
ftell
fwrite
__stdio_common_vfprintf
__stdio_common_vsscanf
free
qsort
fmodf
toupper
strcpy
strncmp
floorf
acosf
ceilf
strcpy_s
cos
log
pow
sin
logf
_callnewh
_free_dbg
_seh_filter_dll
_configure_narrow_argv
_wfopen
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_CrtDbgReportW
strcat_s
_seh_filter_exe
_set_app_type
__setusermatherr
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_set_fmode
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_wmakepath_s
_wsplitpath_s
wcscpy_s
__acrt_iob_func
_wassert
strncpy
strcmp
_beginthreadex
terminate
__stdio_common_vsnprintf_s
__stdio_common_vsprintf_s
__stdio_common_vsprintf
tanf
sqrtf
sinf
powf
cosf
atan2f
fabs
atan2
asin
_CrtDbgReport
_calloc_dbg
system
atof
fclose
malloc
_invalid_parameter
strtok_s
_initialize_narrow_environment
wcslen
strlen

Sections

.textbss
Size: - Virtual size: 836KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 477KB - Virtual size: 476KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

8ebe2d5d0fe3522139c8159a4e780498

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

d3d11

msvcp140d

imm32

d3dcompiler_43

dwmapi

vcruntime140d

vcruntime140_1d

ucrtbased

Sections

.textbss Size: - Virtual size: 836KB

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 477KB - Virtual size: 476KB

.data Size: 1.6MB - Virtual size: 1.6MB

.pdata Size: 70KB - Virtual size: 70KB

.idata Size: 16KB - Virtual size: 16KB

.msvcjmc Size: 2KB - Virtual size: 1KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 373B

_RDATA Size: 1024B - Virtual size: 812B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 19KB - Virtual size: 18KB

.textbss
Size: - Virtual size: 836KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 477KB - Virtual size: 476KB

.data
Size: 1.6MB - Virtual size: 1.6MB

.pdata
Size: 70KB - Virtual size: 70KB

.idata
Size: 16KB - Virtual size: 16KB

.msvcjmc
Size: 2KB - Virtual size: 1KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 373B

_RDATA
Size: 1024B - Virtual size: 812B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 19KB - Virtual size: 18KB