privateloader | ca4071b32d81b7e15183a89246053b64731408d41fa26412e5709b9bc94fd4e1

Sharing

Copy URL

Twitter E-mail

General

Target

ca4071b32d81b7e15183a89246053b64731408d41fa26412e5709b9bc94fd4e1
Size

366KB
MD5

2257f5e03a3458fc694791b84647bd97
SHA1

08d21f2c8efc2897ee427003b24f347fc1c3f92a
SHA256

ca4071b32d81b7e15183a89246053b64731408d41fa26412e5709b9bc94fd4e1
SHA512

e430a2bd62e9b40b3db13384c251e34016e8682c1908624779f0fc8144b3e907b7aec8a948865a5abb170a89a67f810c5b7454ac3e876d2ab141c009c8913bf7
SSDEEP

6144:Mfg11TFSnoc7tzrOIrgqKp9VjMd7vZL02dIHqEnuO6Hwf9J6DCFaN1m392tpmnsg:bPTInoc7tzrOIrgljcz1ELAwH1aNC2hg

Score

10^/10

privateloader

Malware Config

Signatures

Privateloader family
privateloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/adb98685d3d6a8fa5e90b6fd9d458601d874718d5815f8aab66728ba9d067440

Files

ca4071b32d81b7e15183a89246053b64731408d41fa26412e5709b9bc94fd4e1
.zip

Password: infected
adb98685d3d6a8fa5e90b6fd9d458601d874718d5815f8aab66728ba9d067440
.exe windows:6 windows x86 arch:x86

9b239827ad94cf9e43aed2c8aec6e783

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
FindClose
lstrcatA
GetModuleHandleA
MultiByteToWideChar
GlobalAlloc
lstrcpyA
VerSetConditionMask
WideCharToMultiByte
VerifyVersionInfoW
GetSystemTimeAsFileTime
GetComputerNameA
GetProcAddress
HeapFree
lstrlenA
HeapAlloc
lstrcpynA
GetProcessHeap
GetLastError
CreateFileW
CreateFileA
InitializeSListHead
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
FormatMessageW
CreateDirectoryW
DeleteFileW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
SetLastError
SetFilePointer
QueryPerformanceFrequency
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
DecodePointer
GetCPInfo
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCurrentThread
GetThreadTimes
InterlockedPushEntrySList
RaiseException
RtlUnwind
FreeLibrary
LoadLibraryExW
GetFileType
ExitProcess
GetModuleHandleExW
SetEnvironmentVariableA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
WriteConsoleW
GetACP
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetStdHandle
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
HeapReAlloc
OutputDebugStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
WriteFile
ReadFile
SetEvent
ResetEvent
WaitForSingleObjectEx

user32

CharToOemA
CharNextA

advapi32

CryptGenRandom
CryptAcquireContextA
CryptReleaseContext
ConvertSidToStringSidA
LookupAccountNameA

Sections

.text
Size: 585KB - Virtual size: 584KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

9b239827ad94cf9e43aed2c8aec6e783

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 585KB - Virtual size: 584KB

.rdata Size: 139KB - Virtual size: 138KB

.data Size: 19KB - Virtual size: 27KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 27KB

.text
Size: 585KB - Virtual size: 584KB

.rdata
Size: 139KB - Virtual size: 138KB

.data
Size: 19KB - Virtual size: 27KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 27KB