zloader | 603bd9ee50f7dc6de37f314bda227561f0fd67cdebf53a672ea32cce73a2efd3[.]exe

Resubmissions

21-01-2025 16:48

250121-vbexdatjhx 10

14-12-2024 23:03

241214-21nddayncr 3

Sharing

Copy URL

Twitter E-mail

General

Target

603bd9ee50f7dc6de37f314bda227561f0fd67cdebf53a672ea32cce73a2efd3.exe
Size

460KB
MD5

7980094788f0e46145bdff91b0f4743e
SHA1

039f786b81455c83dc50283e42d0ee2ac48059c8
SHA256

603bd9ee50f7dc6de37f314bda227561f0fd67cdebf53a672ea32cce73a2efd3
SHA512

5face15afb197070f2411dfd4759c2be5daf102b24b5f43a01090b8bbeaa0ea9324b5791259d049b8c87c4d53d63843563d7b4b1d24933d8450ea52741be3ce2
SSDEEP

6144:TYSbPcIFqVNwHRIkXRMTPPcIBbVpov6Cxfqm3xKRe+KTc:0Sb0tNwHtRcvVpLCBDWe+KTc

Score

10^/10

penta2 1.1 zloader

Malware Config

Extracted

Family

zloader

Botnet

Penta2

Campaign

1.1

https://unitedcommunity.world/

Attributes

dns
https://fordns/corproot/

dns://ns1.brownswer.com

rsa_pubkey.plain

rc4.hex

Signatures

Zloader family
zloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
603bd9ee50f7dc6de37f314bda227561f0fd67cdebf53a672ea32cce73a2efd3.exe

Files

603bd9ee50f7dc6de37f314bda227561f0fd67cdebf53a672ea32cce73a2efd3.exe
.dll regsvr32 windows:6 windows x64 arch:x64

e78df8995d788e9664d5306651cffb6f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount64
ResetEvent
FlushFileBuffers
SuspendThread
GetCurrentProcessId
WaitForSingleObject
ExitProcess
VirtualQuery
CreateThread
WriteFile
RemoveDirectoryW
CloseHandle
GetFileAttributesW
Process32FirstW
Process32NextW
OutputDebugStringA
FindClose
GetExitCodeProcess
TerminateProcess
FindNextFileW
CreateMutexA
SetEvent
GetProcAddress
GetFileSizeEx
SetThreadContext
GetModuleFileNameW
GetModuleHandleW
LoadLibraryW
HeapAlloc
HeapReAlloc
EnterCriticalSection
CreateProcessW
VirtualAlloc
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
ReadFile
GetLastError
CreateEventA
SetEndOfFile
SetStdHandle
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
LCMapStringW
WriteConsoleW
CreateFileW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
InterlockedFlushSList
RaiseException
SetLastError
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetCurrentProcess
GetModuleHandleExW
HeapFree
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW

user32

PeekMessageW

advapi32

OpenSCManagerW
CloseServiceHandle
CryptReleaseContext

shlwapi

PathFindFileNameW
StrCmpNIA

ws2_32

ntohs
setsockopt
getsockopt
sendto
closesocket
shutdown
htonl
inet_addr
WSAGetLastError

ole32

CoCreateInstance

gdiplus

GdipGetImageEncodersSize

ntdll

RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry

Exports

Exports

DllRegisterServer
DmxzenyaSttc
DwxuexCcald
FgesNhaw
IntpTwppux
RvqiZaej
UpumvqvIlcu
VpjnIcef
YyuxzzvMetk

Sections

.text
Size: 350KB - Virtual size: 350KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

e78df8995d788e9664d5306651cffb6f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

ws2_32

ole32

gdiplus

ntdll

Exports

Exports

Sections

.text Size: 350KB - Virtual size: 350KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 5KB - Virtual size: 27KB

.pdata Size: 27KB - Virtual size: 27KB

_RDATA Size: 512B - Virtual size: 252B

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 350KB - Virtual size: 350KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 5KB - Virtual size: 27KB

.pdata
Size: 27KB - Virtual size: 27KB

_RDATA
Size: 512B - Virtual size: 252B

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB