loader.exe

First submission 2024-02-04 18:36:17

File details

File type: PE32+ executable (console) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 324.67 KB (332463 bytes)
Compile time: 2023-08-04 09:10:33
MD5: eb84bd84a313cf1d5fabb31294817a6d
SHA1: df09a276cfa805163f5a3d9e93b78d35e0195529
SHA256: 4b6f4b00740277a3f5739ad99672ede8b0031c11313c5ac824d873ee506c9545
Import Hash: ef8dd0592d77a4202ebb2e0892021856
Sections 18 .text .data .rdata .pdata .xdata .bss .idata .CRT .tls .rsrc /4 /19 /31 /45 /57 /70 /81 /92
Directories 3 import resource tls

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://47.99.151.68:1302/loader.exe 47.99.151.68 2024-02-04 18:36:17

PE Sections 3 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x1f98 8192 e0c447296ed24fc75cbea1a9ed8ec0e489833d66 0a18058ba6de13d5a5da798028288598
.data 0x3000 0xc0 512 15eac20a494288bb542595f4dcb6a27b199d7eb1 7f5672dd2d958eec66d6852b22025d3c
.rdata 0x4000 0x920 2560 a01b92d9caa0739fb1478b0ab0035841fb7d61c8 ec8d97aec90f46a572c0326b047a5ce2
.pdata 0x5000 0x258 1024 ac1a91d133d0f277c4c5800580215e08b78c2833 057f2b9de81c5d5aee7e67d3cc632965
.xdata 0x6000 0x1ec 512 d60fa839bf83712444d610757e7bf2844d355a62 14b47a0878092885752acdcdb6926ec5
.bss 0x7000 0x980 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0x8000 0x824 2560 679f6a93b4afc699b697bde5ab55aa5bafac91ab 8e5a13d4afc31f5d3f533ecbe49bdfdc
.CRT 0x9000 0x68 512 f331685f2e2590772d176e9a075eacde7e00c8f4 f9f1c31eff55831279b5f354818ad8ec
.tls 0xa000 0x10 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.rsrc 0xb000 0x4e8 1536 d8c6bb5e232b4098168c9378078aaf4e9d77ee3f 3b7f4d778dd55680650e27ddd712b430
/4 0xc000 0x4a0 1536 a16c7275b22f385532c01176fdacd6091fb6fb25 019421cdbd1462214d7d628bd5374338
/19 0xd000 0x38e9e 233472 05cf514c165eae3796476af747f63deb4973a8fb 3216ddf2fb7c122cab4e6bcde49068df
/31 0x46000 0x26e4 10240 a27e24819816568d09802db711fdbb68c31ffcf2 e8f17117d0c4f0b0ae44cd754c4daca2
/45 0x49000 0x35fb 13824 4670e8ec1ce071d4d130de199bbcca55e00cac0c 4e4ab19ed60ef2e73603c04615917324
/57 0x4d000 0xa38 3072 d3b1119c7243c53efdfca7e6a40b7420db58d220 b2bef1d4a16d34d3e6ca5ffb887007c3
/70 0x4e000 0x7c1 2048 79e32969713066bc096de77950787470e51f5915 0ad247b5a4c4beb665fd14ebb18bae35
/81 0x4f000 0x2fb9 12288 29f2e2151b4e5132092bf60757f5cc6c2f522d58 0c6eb2ad43bbb593df0a8c20c30ab140
/92 0x52000 0x4d0 1536 f8f64748bc80082ae7942e7874e676b86124ad6b 3ef820e8da944a9b49034cccc6288d68

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_NEUTRAL SUBLANG_NEUTRAL 0xb058 1167

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions 3

GetLastError
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Type Value
Text config.txt
Library KERNEL32.dll
Library MSVCRT.dll

Import functions