Loader[.]exe | Triage

Sharing

General

Target

Loader.exe
Size

30.4MB
MD5

4c9a5353c4d128e5c91f62594541c809
SHA1

4693f7c7a7cb2271a0e586bd6ab9b3e99f1bd078
SHA256

df5f9d36a731e6dd23c036dc365fe852e2f5ceb865dba753950351b922a03590
SHA512

c1fdae552c7c8b497ee82779b05c08db6946565b620cd9c5deb7b521babd3012398cc3e0e0878aa51c0eb4bc1f5b6f6339eed0754a4f8def161b63d11687bbe0
SSDEEP

6144:bWAoFwzNQONDkBahgVWmoPZXOZNcb9s2Gxvh+U0rZOOzqPdYH211IpBB++53XwF5:bFbzyOND0ToEUbOn4UQXzqd9IpBB1u7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Loader.exe

Files

Loader.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bsS
Size: 322KB - Virtual size: 322KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE