drimloader[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

drimloader.exe
Size

119KB
MD5

df92d716e154851a108d29e1c2e6b904
SHA1

a31f76c9c0043bd993132021b5bb7625e645fd4b
SHA256

8c01bd1e7e9dcc375b0c89143c307ee0f804ec08f02051c298cf6951ff6b7b9d
SHA512

d43ab2d82b3c1caa464c3e015bdd0e583f970d5f01170f9ab819eda1c5fd28e42665973e055e8b704744b9e84d65b62c07d311a81fe8bbfe85a2ea72f0d8524b
SSDEEP

3072:wNWOhN3CuB7sWGB17ZpgO/UrGsoFxC2pFp:wLrXBy/VpgYUwQ2pFp

Score

1^/10

Malware Config

Signatures

Files

drimloader.exe
.exe windows:6 windows x64 arch:x64

8294a9ef6520001c6219d61b83456882

Code Sign

03:68:f7:ee:6f:14:c1:91:4c:cb:07:f1:e6:bc:83:8c
Certificate

Issuer

CN=Microsoft Windows

Not Before

31/12/2024, 16:16

Not After

31/12/2039, 23:59

Subject

CN=Microsoft Windows

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15/01/2024, 00:00

Not After

14/04/2035, 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22/03/2021, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8a:f8:8b:84:89:6f:6b:0a:c4:cc:f3:47:f9:b3:16:48:44:e7:1e:df:16:80:db:64:d6:3e:55:5d:2c:85:12:d2
Signer

Actual PE Digest

8a:f8:8b:84:89:6f:6b:0a:c4:cc:f3:47:f9:b3:16:48:44:e7:1e:df:16:80:db:64:d6:3e:55:5d:2c:85:12:d2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

pdh

PdhCloseQuery
PdhOpenQueryA
PdhAddCounterA
PdhGetFormattedCounterValue
PdhCollectQueryData

kernel32

LoadLibraryExW
WriteConsoleW
CreateFileW
SetFilePointerEx
RemoveVectoredExceptionHandler
GetCurrentProcess
GetCurrentThreadId
GetModuleHandleA
Sleep
GetTickCount64
GetCurrentThread
CloseHandle
GetSystemInfo
AddVectoredExceptionHandler
GetThreadContext
GetProcAddress
GetCurrentProcessId
SetThreadContext
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionEx
VirtualProtect
CompareStringW
LCMapStringW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetFileType
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fptable
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8294a9ef6520001c6219d61b83456882

Code Sign

03:68:f7:ee:6f:14:c1:91:4c:cb:07:f1:e6:bc:83:8cCertificate

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3fCertificate

Extended Key Usages

Key Usages

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89Certificate

Extended Key Usages

Key Usages

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68Certificate

Extended Key Usages

Key Usages

8a:f8:8b:84:89:6f:6b:0a:c4:cc:f3:47:f9:b3:16:48:44:e7:1e:df:16:80:db:64:d6:3e:55:5d:2c:85:12:d2Signer

Headers

DLL Characteristics

File Characteristics

Imports

pdh

kernel32

Sections

.text Size: 61KB - Virtual size: 61KB

.rdata Size: 40KB - Virtual size: 40KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 4KB - Virtual size: 4KB

.fptable Size: 512B - Virtual size: 256B

.reloc Size: 2KB - Virtual size: 1KB

03:68:f7:ee:6f:14:c1:91:4c:cb:07:f1:e6:bc:83:8c
Certificate

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

8a:f8:8b:84:89:6f:6b:0a:c4:cc:f3:47:f9:b3:16:48:44:e7:1e:df:16:80:db:64:d6:3e:55:5d:2c:85:12:d2
Signer

.text
Size: 61KB - Virtual size: 61KB

.rdata
Size: 40KB - Virtual size: 40KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 4KB

.fptable
Size: 512B - Virtual size: 256B

.reloc
Size: 2KB - Virtual size: 1KB