Summary | ZeroBOX

LauncherLoader.exe

Malicious Library UPX Malicious Packer PE File OS Processor Check PE32
Category Machine Started Completed
FILE s1_win7_x6403_us Jan. 30, 2025, 7:03 p.m. Jan. 30, 2025, 7:05 p.m.
Size 1.7MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7ed622a78bd8afc3c3891379febcf640
SHA256 c175e5125ab14f67e2e59301a0d6a6f2a770f4f5731bb6cb3bf37f6253ce4f60
CRC32 9EB7A0A4
ssdeep 49152:0cVMKEKqDFKkxGgG5jTdX5kljrs/mxN71VCqlW:0uHqDEkggG5jTdJklsu1V
PDB Path D:\workspace_YOON\001__Projects\20__NewKey\인플러스\뉴키-프로젝트\Indesk\Release\LauncherLoader.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
www.newkey.co.kr 211.43.189.136
IP Address Status Action
164.124.101.2 Active Moloch
211.43.189.136 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path D:\workspace_YOON\001__Projects\20__NewKey\인플러스\뉴키-프로젝트\Indesk\Release\LauncherLoader.pdb
request GET http://www.newkey.co.kr/version/?app_name=NewkeyLauncher.exe
request GET http://www.newkey.co.kr/cab/NewkeyLauncher.exe
request GET http://www.newkey.co.kr/cab/NewkeyManager.ini
request GET http://www.newkey.co.kr/version/pos.php
request GET http://www.newkey.co.kr/version/?app_name=LauncherLoader.exe
request GET http://www.newkey.co.kr/cab/LauncherLoader.exe
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1932
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74201000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1932
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73f11000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1932
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x76bd1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1932
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x756f1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1932
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74fe1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2124
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74281000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2124
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73cf1000
process_handle: 0xffffffff
1 0 0
name RT_CURSOR language LANG_KOREAN filetype data sublanguage SUBLANG_KOREAN offset 0x0017ef04 size 0x00000134
name RT_BITMAP language LANG_KOREAN filetype data sublanguage SUBLANG_KOREAN offset 0x0017f0f0 size 0x00000144
name RT_ICON language LANG_KOREAN filetype GLS_BINARY_LSB_FIRST sublanguage SUBLANG_KOREAN offset 0x0018f5b8 size 0x00000468
name RT_DIALOG language LANG_KOREAN filetype data sublanguage SUBLANG_KOREAN offset 0x0018fcf4 size 0x00000034
name RT_STRING language LANG_KOREAN filetype data sublanguage SUBLANG_KOREAN offset 0x00190ba4 size 0x00000040
name RT_GROUP_CURSOR language LANG_KOREAN filetype Lotus unknown worksheet or configuration, revision 0x1 sublanguage SUBLANG_KOREAN offset 0x00190d0c size 0x00000014
file C:\INDESK\NewkeyLauncher.exe
file C:\INDESK\LauncherLoader.exe
Time & API Arguments Status Return Repeated

InternetReadFile

request_handle: 0x00cc0018
1 1 0

InternetReadFile

request_handle: 0x00cc0018
1 1 0
section .rsrc size_of_data 0x00014200 virtual_address 0x0017d000 virtual_size 0x000141e0 entropy 6.82161833887 description A section with a high entropy has been found
process LauncherLoader.exe useragent LauncherLoader
process NewkeyLauncher.exe useragent NewkeyLauncher
Lionic Trojan.Win32.Generic.4!c
CAT-QuickHeal Trojan.Ghanarava.1728021136bcf640
Skyhigh GenericR-JHC!7ED622A78BD8
ALYac Gen:Variant.Doina.6867
Cylance Unsafe
VIPRE Gen:Variant.Doina.6867
Sangfor Downloader.Win32.Agent.Vngg
CrowdStrike win/malicious_confidence_60% (W)
BitDefender Gen:Variant.Doina.6867
Arcabit Trojan.Doina.D1AD3
Symantec Trojan.Gen
ESET-NOD32 a variant of Generik.HCBZUHV
APEX Malicious
Avast Win32:Malware-gen
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba TrojanDownloader:Win32/Generic.a34ba575
NANO-Antivirus Trojan.Win32.Mlw.fiunwv
MicroWorld-eScan Gen:Variant.Doina.6867
Rising Downloader.Generic!8.141 (TFE:5:EmBEXdy2agR)
Emsisoft Gen:Variant.Doina.6867 (B)
Zillya Trojan.GenericKD.Win32.2294
TrendMicro TROJ_FRS.0NA103AR19
McAfeeD ti!C175E5125AB1
CTX exe.trojan.generic
Sophos Mal/Generic-S
FireEye Gen:Variant.Doina.6867
Jiangmin TrojanDownloader.Generic.avtz
Google Detected
Antiy-AVL Trojan/Win32.Agent
Kingsoft Win32.Troj.Unknown.a
Microsoft Program:Win32/Wacapew.C!ml
GData Gen:Variant.Doina.6867
McAfee GenericR-JHC!7ED622A78BD8
DeepInstinct MALICIOUS
VBA32 suspected of Trojan.Downloader.gen
Malwarebytes Malware.AI.3924006920
Ikarus Trojan-Downloader.Agent
Panda Trj/Chgt.O
TrendMicro-HouseCall TROJ_FRS.0NA103AR19
Tencent Win32.Trojan-Downloader.Generic.Vylw
Yandex Trojan.DL.Agent!MWr22skoNqk
huorong HVM:TrojanDownloader/Small.as
MaxSecure Trojan.Malware.1728101.susgen
Fortinet W32/Generic!tr.dldr
AVG Win32:Malware-gen
Paloalto generic.ml
alibabacloud Trojan:Win/Wacatac.B9nj