Loader

GalaxyLoader

GalaxyLoader is a simple .NET loader. Its name stems from the .pdb and the function naming.

It seems to make use of iplogger.com for tracking. It employed WMI to check the system, issuing the following queries:

  • IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
  • IWbemServices::ExecQuery - select * from Win32_VideoController
  • IWbemServices::ExecQuery - SELECT * FROM AntivirusProduct

Family metadata imported from Malpedia (Fraunhofer FKIE).