LOADER.EXE, Prevx

Associated Malware Groups

The unsafe files using this name are associated with the malware groups:

Malicious Software
Worm
Malware Downloader

File Behavior

LOADER.EXE has been seen to perform the following behavior:

The Process is packed and/or encrypted using a software packing process
Adds a Registry Key (RUN) to auto start Programs on system start up
This process creates other processes on disk
Writes to another Process's Virtual Memory (Process Hijacking)
Executes a Process
Can communicate with other computer systems using HTTP protocols
This Process Deletes Other Processes From Disk
Injects code into other processes
Downloads program file(s) and other content from the web
Performs DNS look ups to resolve URL IP addresses
Copies files
Enables an In Process Object/Server - Common with DLL Injections
Adds products to the system registry
Modifies the Windows Host File which could be used to stop you visiting specific web sites by redirecting you to alternative addresses without you knowing
The process hooks code into all running processes which could allow it to take control of the system or record keyboard input, mouse activity and screen contents
Reads your outlook address book
Registers a Dynamic Link Library File

LOADER.EXE has been the subject of the following behavior:

Added as a Registry auto start to load Program on Boot up
Executed as a Process
Created as a process on disk
Has code inserted into its Virtual Memory space by other programs
Deleted as a process from disk
Terminated as a Process
Registered as a Dynamic Link Library File
Created by processes which appear to be checking for interception by security products

Country Of Origin

The filename LOADER.EXE was first seen on May 9 2007 in the following geographical regions of the Webroot community:

Canada on May 9 2007
The United States on May 14 2007
Spain on May 14 2007
Belgium on Jun 10 2007
Denmark on Jun 10 2007
Germany on Jan 20 2009
Poland on Jul 7 2009
Australia on Aug 27 2010
South Africa on Sep 5 2010
Italy on Feb 12 2012

File Name Aliases

LOADER.EXE can also use the following file names:

SETUP[1].EXE
BILL110.EXE
SETUP.EXE
SETUP8687170.EXE
SETUP8678032[1].EXE
LOADER_001.EXE
SETUP9834690[1].EXE
SETUP8272892.EXE
SETUP2123378[1].EXE
SETUP1797091[1].EXE
SETUP2067323[1].EXE
SETUP74183.EXE
ANDY128.EXE
LOADER[1].EXE
DF1A245S4_2584.EXE
DF1A245S4_2420.EXE
LOADER_002.EXE
LOADER_003.EXE
LOADER_004.EXE
LOADER_005.EXE
LOADER_006.EXE
LOADER_007.EXE
LOADER_008.EXE
LOADER_009.EXE
LOADER_010.EXE
LOADER_011.EXE
LOADER_012.EXE
LOADER_013.EXE
LOADER_014.EXE
LOADER_015.EXE
LOADER_016.EXE
LOADER_017.EXE
LOADER_018.EXE
LOADER_019.EXE
LOADER_020.EXE
LOADER_021.EXE
LOADER_022.EXE
LOADER_023.EXE
LOADER_024.EXE
LOADER_025.EXE
LOADER_026.EXE
LOADER_027.EXE
LOADER_028.EXE
LOADER_029.EXE
LOADER_030.EXE
LOADER_031.EXE
LOADER_032.EXE
LOADER_033.EXE
LOADER_034.EXE
LOADER_035.EXE
LOADER_036.EXE
LOADER_037.EXE
LOADER_038.EXE
LOADER_039.EXE
LOADER_040.EXE
LOADER_041.EXE
LOADER_042.EXE
LOADER_043.EXE
LOADER_044.EXE
LOADER_045.EXE
LOADER_046.EXE
LOADER_047.EXE
LOADER_048.EXE
LOADER_049.EXE
LOADER_050.EXE
LOADER_051.EXE
LOADER_052.EXE
LOADER_053.EXE
LOADER_054.EXE
LOADER_055.EXE
LOADER_056.EXE
LOADER_057.EXE
LOADER_058.EXE
LOADER_059.EXE
LOADER_060.EXE
LOADER_061.EXE
LOADER_062.EXE
LOADER_063.EXE
LOADER_064.EXE
LOADER_065.EXE
LOADER_066.EXE
LOADER_067.EXE
LOADER_068.EXE
LOADER (1).EXE
SETUP175962.EXE
CRWOXSENAM.EXE
CAXEOMRWSN.EXE
MXCNAWEORS.EXE
XCEWRANOSM.EXE
NCEWMRXSAO.EXE
NASMWROEXC.EXE
WMNAXRSOCE.EXE
NWORCMXASE.EXE
WORXASCENM.EXE
RACMONEXWS.EXE
OASRCMXWEN.EXE
CRSEMWOXNA.EXE
ORNSXCEAMW.EXE
XWCNAMSREO.EXE
RENWASOXMC.EXE
WRCASMENXO.EXE
RMNWXCOAES.EXE
EAROCSWMXN.EXE
NCWSMXAOER.EXE
XEWMORANSC.EXE
SREAXOWMCN.EXE
ESWROCNAXM.EXE
SNMOCXREWA.EXE
ESOMCRXANW.EXE
OXARMWSNCE.EXE
OERSWMAXNC.EXE
ACRNESOMXW.EXE
CXOSWNMARE.EXE
OXEARMSNCW.EXE
NAMRWEXSCO.EXE
OWRNXCSEAM.EXE
SWNXCRAMEO.EXE
EORSAMCNXW.EXE
NWCERMSAOX.EXE
MREWNXSOAC.EXE
WRCXSNEAOM.EXE
NRMOCXEWAS.EXE
XWERMSCNAO.EXE
ERSAMCWNOX.EXE
EMXCONWASR.EXE
WSENMXROAC.EXE
AOWMNRSXEC.EXE
WNMEAOXSRC.EXE
REANXOWMCS.EXE
MANXSERCWO.EXE
XWOCRSANME.EXE
ORMCXANSEW.EXE
WEXASRNMCO.EXE
CAOSXWMNER.EXE
CESRXNOWMA.EXE
ENSMACORWX.EXE
XNSCRAWMEO.EXE
XWAMONSCRE.EXE
XORNESAMCW.EXE
AOWCXRMSNE.EXE
CRAWSMXNOE.EXE
XCAMSORENW.EXE
NSWAECXROM.EXE
SWOXRENCMA.EXE
MAROCESNXW.EXE
XWCANOSREM.EXE
WRCXEMNAOS.EXE
OESXWCNARM.EXE
WOERXMCASN.EXE
MESSENGERDISCOVERY/LOADER.EXE
LOADER[n].EXE
C19H28O2.V7.15/LOADER.EXE
MSASA1.EXE
LOADER_715/LOADER.EXE
AGBOT/LOADER.EXE
LOADER.EXE.EXE
SILKERRSENDER.EXE
LOADER/LOADER.EXE
SMSMZ2.EXE
LOADER 175/LOADER.EXE
بندق.EXE
NEW FOLDER/LOADER.EXE
PACKAGE/LOADER.EXE
64005923.DAT

Filesizes

The following file size has been seen:

79,872 bytes
5,376 bytes
167,424 bytes
21,029 bytes
24,576 bytes
188,416 bytes
337,112 bytes
401,408 bytes
147,456 bytes

File Type

The filename LOADER.EXE refers to many versions of an executable program.

Help the Webroot Community to fight cyber crime

We are always looking for ways to improve the quality and speed of research to help us protect you from malicious software and cyber crime.

The filename referred to in this report is often associated with PC infections. If you have a program of this name on your PC and would like to help our research please tell us what you know in the form below:

I have this file on my PC and believe it is an infection
I have this file on my PC and think it has made my PC slower
My firewall asked if I wanted to let this file have access to the Internet
My PC will not work since I noticed this file on it
My antivirus detected this file but won't remove it
I know what this file is and believe it is a Safe program
I am the author of this file and would like to discuss how to have it reclassified as safe

Further Comments or information you'd like to share: (optional)

Your email address if you would like us to contact you about this file and any concerns you may have: (optional)

PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.

LOADER.EXE