Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Unknown Loader
41e698c7f1febdb53b9b7eae0f48fd93949602d0631d6f6b7dc0768958f7107a
6f681a0f9405d128c143e7ebb3feb5856daddcecf7f7470ac61e6c597f564173
c0991e1099bb260b71bf5398a98527a99f07154c9701a649b7ba1c66785bd3df
6294e0dacade2097d7f9455c966db65d2c5306bf705e11f176826dec5a1a1644
aa8216a859d49acdfdef302eed42b178d94ee03a88a1453d85061bd1d13763aa
e176c5e755146f40a4dbb01e4c7ebf0d0c8464b364198e682b646f19dc49d836
d2b1423746fe69febe62d89cca5b59c900189eaca2016b5b62d440762c8518ad
381754c11d86714845582a9197e324d9144dc471c428ecf8e1f78e392bd9f675
504ba1abbcb196f67c2bb6bc1b0942f38199cf43ab573f702c2ca44081cec6fa
6f9ad8ffea96e22659d457f8154a80d6db8c7b3bc414b8215c120ddffa21f43a
c49a9548cd79fdef18faab6c7ef695c3505f922b3686236881c5b15f1e3466ca
ca793565243b436c205442957d35405f30560f608f2cf0e6378905e88bbed759
00ebcc40cd1eaa848d73e62ba8413a27178f2536f0431f865a6bc2da38e5b054
5057ebf7267fd5ff21b4034f6687a08aa911e550c2932a27bf743e6e7b2ff3ee
e34a961c7d7b2a71aee6a07967d844086b9f57ac6cc3873cb8f9df703afefb54
a7cb398d18327b4bd6d36fc068185caf5aa3774094b203e894c28330e0dfff15
25a0f977d59f10408845e5c1bc56e5c607ed43ffc74e1949ab6e427f527a5767
b867ed0712ce9d92476a53fdb342b83c5a3494892eff5dbbe15ee61f345afc41
b7cc16072f7f7bd5da19833401f99e2d8867b86cec9985dc45fdba587f52ebcd
e346b85648c66943e9d10e91dcb41e01924dde787ce1dd2868d9014f9a306227
60cadabc79b6dd1110ed5e5983b4dc46dde10fa9a62bc6015ea7842ec2eb6423
3539f3a9307c7effe02cd97b75c572c266bced36cf6dc500b9994dcc79459351
91bd311209fbc7af4e114450c625b0337029c72896466d8c42daf4dd72951a4d
c7f002fae8d32878e87a6e2516fd07f4edf2241717beb0cb19acc643d0c52c68
b5c3a14448a514be018c5fc474ca44bf33669922a9b635868430b379b59ca14a
@Blevene

This comment has been minimized.

Copy link
Owner Author

Blevene commented Aug 21, 2017

41e698c7f1febdb53b9b7eae0f48fd93949602d0631d6f6b7dc0768958f7107a uses a byte array in PowerShell to build 7d785b77eea8f6adb975d9d71b35ea2565f0cff907dbe5eb5291afddc95d283a

@Blevene

This comment has been minimized.

Copy link
Owner Author

Blevene commented Aug 21, 2017

7d785b77eea8f6adb975d9d71b35ea2565f0cff907dbe5eb5291afddc95d283a

Short information

File Name 7d785b77eea8f6adb975d9d71b35ea2565f0cff907dbe5eb5291afddc95d283a
File Size 71168 byte
Compile Time 2017-07-11 16:50:10
DLL True
Sections 4
Hash MD5 05172fe20cb0ec2c5c3e6af0878a22fe
Hash SHA-1 e69c1aff7b08648418a89f55bf19b73262f9f07c
Detected Packer
Directory Export, Debug, Relocation

Packer matched [1]

Packer Borland Delphi 3.0 (???)

File name discovered [54]

Executable afwserv.exe
Executable avastsvc.exe
Executable avastui.exe
Executable avgfws.exe
Executable avgidsagent.exe
Executable avguard.exe
Executable avgui.exe
Executable avguix.exe
Executable avgwdsvcx.exe
Executable avira.servicehost.exe
Executable avp.exe
Executable avpui.exe
Executable bdagent.exe
Executable bullguard.exe
Executable bullguardscanner.exe
Executable cis.exe
Executable cistray.exe
Executable dwengine.exe
Executable dwservice.exe
Executable egui.exe
Executable ekrn.exe
Executable fmon.exe
Executable fortiesnac.exe
Executable fortitray.exe
Executable fortiwf.exe
Executable fsma32.exe
Executable fsma64.exe
Executable fsorsp.exe
Executable mbam.exe
Executable mbamscheduler.exe
Executable mbamservice.exe
Executable mbamtray.exe
Executable mcshield.exe
Executable mcsvhost.exe
Executable mcuicnt.exe
Executable mfefire.exe
Executable mfemms.exe
Executable mfevtps.exe
Executable ns.exe
Executable op_mon.exe
Executable psuamain.exe
Executable qhactivedefense.exe
Executable qhsafetray.exe
Executable savservice.exe
Executable sdcservice.exe
Executable sdrservice.exe
Executable spideragent.exe
Executable uiseagnt.exe
Executable uiwinmgr.exe
Executable v3lite.exe
Executable zaprivacyservice.exe
Executable zatray.exe
Library kernel32.dll
Library pld.dll

Url discovered [1]

Url update.microsoft.com

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.