DMLOADER

Description

(Trend Micro) More recently, we observed that a new loader, DMLOADER, was implanted. Instead of loading an additional payload file, it loads the embedded payload and decodes it as an in-memory PE buffer. This loader usually has an export function called “DoMain” or “StartProtect.” In the decoded PE payload, it should have an export function called “MThread.”

Names

Name
DMLOADER

Category

Malware

Type

  • Loader

Information

Other Information

Uuid

5b6875e1-8d92-44bf-89b5-57fd46577729

Last Card Change

2025-06-27