privateloader | 18ea6cf536e2c7b080dcecda814cd93a18b3be23

Sharing

Copy URL

Twitter E-mail

General

Target

18ea6cf536e2c7b080dcecda814cd93a18b3be23
Size

170KB
MD5

cad87a095910a87a0dfbef6b75b2266d
SHA1

18ea6cf536e2c7b080dcecda814cd93a18b3be23
SHA256

39c18be9542c5a330c19ed08c1cc5cb8922d872f602ae13fb4a42d4cc6784883
SHA512

032bff118a2700a61a740b6ca15f477c5b11ed908f35cd0f2ff4f68c908377b14ce70f309ee8ec4f5a068866473dff61ec7aac18691df48a2281461fc5453796
SSDEEP

3072:UMKCyRg+Bjj7dZYDjqlZiyJ/ePfW+Dx0letfRqwkqcJeDl/+QZN0i1fRTL:UtR5Bj7XYDWlz/1eh6qcUxNA6h

Score

10^/10

privateloader

Malware Config

Signatures

Privateloader family
privateloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/b0de3b3eb79e5291dcd933e0e8231c90208e2e11e894500fb7df6487ba259ba9

Files

18ea6cf536e2c7b080dcecda814cd93a18b3be23
.zip

Password: infected
b0de3b3eb79e5291dcd933e0e8231c90208e2e11e894500fb7df6487ba259ba9
.exe windows:6 windows x86 arch:x86

a09fb7ac37c6846f86e7eae4dcb32d14

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
GetModuleHandleA
SetCurrentDirectoryA
Sleep
LoadLibraryA
lstrcpyA
CloseHandle
GetProcAddress
GetFileSize
GetLastError
lstrlenA
WriteConsoleW
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetStringTypeW
SetStdHandle
GetFileType
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
GetCurrentProcess
TerminateProcess
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RtlUnwind
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
CompareStringW
LCMapStringW
GetTimeZoneInformation
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
DecodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-errorhandling-l1-1-0

SetLastError

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
TlsAlloc
TlsFree
TlsGetValue

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

a09fb7ac37c6846f86e7eae4dcb32d14

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

api-ms-win-core-profile-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

Sections

.text Size: 95KB - Virtual size: 94KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 99KB - Virtual size: 98KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 95KB - Virtual size: 94KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 99KB - Virtual size: 98KB

.reloc
Size: 5KB - Virtual size: 4KB