LP#2678[.]iso | Triage

Sharing

Copy URL Twitter E-mail

General

Target

LP#2678.iso
Size

380KB
MD5

dd87a542b3a1993f3e95b0cd2fe3d815
SHA1

aa2d7d59fd9f8fa20280e97036ab5c5e7c728d6b
SHA256

68f865789b6d9e1ae6ffbc94ec9d4b106a7088db4a6b7f1622b35cc54fafbbd1
SHA512

a5cd708075ef79154fc4088bdad5ca1ce48f683970446a9d1c4dd108a6e254cf010ac1140ae7fb951eb96bee31ca5a389aa46815fcc3152d997f1fb8aa43dfe5
SSDEEP

6144:+CgMwcTSa09f3z8YVjqFp9guttDaPYVK9mT7843:v9+/b2Fp9gYteOP7

Score

N/A

Malware Config

Signatures

Files

LP#2678.iso
.iso
LPS.lnk
.lnk
cagily/harpist.dat
.dll regsvr32 windows x86

1d27833b4c581bf57ce155db88857e8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
ConnectNamedPipe
DisconnectNamedPipe
HeapCreate
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
ExitProcess
CreateThread
SuspendThread
ResumeThread
VirtualAlloc
GetProcAddress
SwitchToFiber
CreateFiber
LoadLibraryA
CreateNamedPipeA
WaitNamedPipeA
CreateActCtxA
ActivateActCtx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
InterlockedFlushSList
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
DecodePointer
CreateFileW
RaiseException

Exports

Exports

DllInstall
DllRegisterServer
LvIz084rd2
PkpKbV7
RsI7100rs
VVNdyK

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cagily/surged.cmd
.cmd .vbs

Sharing

General

Malware Config

Signatures

Files

1d27833b4c581bf57ce155db88857e8b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 146KB - Virtual size: 145KB

.data Size: 78KB - Virtual size: 80KB

.gfids Size: 512B - Virtual size: 160B

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 146KB - Virtual size: 145KB

.data
Size: 78KB - Virtual size: 80KB

.gfids
Size: 512B - Virtual size: 160B

.reloc
Size: 6KB - Virtual size: 5KB