lotrbfme2ep1[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

lotrbfme2ep1.exe
Size

488KB
MD5

3d7da4dc0f45120e49c959b97c3a0865
SHA1

920810326d03c194a228aa23197f2c6efc72ac75
SHA256

034a5b9111b60279c4999f302fc991a31ed5f1741b8917c63f3e1471182d69c4
SHA512

2a9234d6e020f4924899a8a40a5d5bef90325a85181f3fbc84c6cd314c81206eaebea120827b95de014c3b9f8bdadb1cca73a17d9ec584317d7776a39147a852
SSDEEP

6144:Z+NHhGa/x2v3CAUMsh6dlkilvzPhPxWWWnxi5Sljquyxf2iKNz7+qdFE02KXPkAR:Z/3x5n1hPxJWn8Slj9LlzW02KcDs

Score

1^/10

Malware Config

Signatures

Files

lotrbfme2ep1.exe
.exe windows x86

Password: infected

0cc4cc8629d241e63f4f7b62a76a8785

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA

kernel32

GetStringTypeExA
GetStringTypeExW
FindClose
FindFirstFileA
FindNextFileA
LocalFree
LocalAlloc
GetCurrentProcess
GetCurrentThread
Sleep
CreateMutexA
FreeLibrary
GetProcAddress
LoadLibraryA
FormatMessageA
CreateProcessA
GetExitCodeProcess
WaitForSingleObject
OpenProcess
WaitForMultipleObjects
CreateEventA
UnmapViewOfFile
GetVolumeInformationA
MapViewOfFileEx
CreateFileMappingA
GetModuleFileNameA
InitializeCriticalSection
GetEnvironmentVariableW
GetEnvironmentVariableA
CompareStringW
CompareStringA
SetEnvironmentVariableA
GetLocaleInfoW
GetTimeZoneInformation
FlushFileBuffers
IsValidCodePage
IsValidLocale
GetUserDefaultLCID
GetDateFormatA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
IsBadWritePtr
FatalAppExitA
VirtualFree
HeapCreate
HeapDestroy
HeapSize
QueryPerformanceCounter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
SetStdHandle
SetHandleCount
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
lstrlenA
lstrcmpiW
lstrlenW
lstrcmpiA
GetVersion
DeleteCriticalSection
RaiseException
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
SetFilePointer
SetEndOfFile
GetFileSize
ReadFile
DeleteFileA
GetLastError
OutputDebugStringA
WideCharToMultiByte
WriteFile
CloseHandle
CreateFileA
DeviceIoControl
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
GetStartupInfoA
GetSystemTimeAsFileTime
SetCurrentDirectoryA
GetFullPathNameA
GetCurrentDirectoryA
GetDriveTypeA
VirtualAlloc
HeapAlloc
HeapFree
RtlUnwind
GetStringTypeA
LCMapStringA
EnumSystemLocalesA
GetCPInfo
PeekNamedPipe
LCMapStringW
GetStringTypeW
MapViewOfFile
GetSystemInfo
GetFileType
FindResourceA
LoadResource
SizeofResource
LockResource
Module32First
SetUnhandledExceptionFilter
InterlockedIncrement
ReleaseMutex
InterlockedDecrement
IsBadReadPtr
GetCurrentThreadId
GetLocalTime
GetModuleHandleA
GetCommandLineA
GetTimeFormatA
GetCurrentProcessId
IsBadCodePtr
ReadProcessMemory
GlobalUnlock
GlobalLock
GlobalAlloc
Thread32Next
ResumeThread
Thread32First
GetExitCodeThread
CreateThread
SuspendThread
CreateToolhelp32Snapshot
ExitProcess
VirtualProtect
VirtualQuery
TerminateProcess
GlobalFree
GlobalSize
GlobalReAlloc
Beep
SetNamedPipeHandleState
GetComputerNameA
CopyFileA
FreeConsole
WriteConsoleOutputA
GetTickCount
GetConsoleScreenBufferInfo
ReadConsoleInputA
GetNumberOfConsoleInputEvents
GetStdHandle
SetConsoleScreenBufferSize
SetConsoleWindowInfo
SetConsoleTitleA
GetConsoleTitleA
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleMode
AllocConsole
WriteProcessMemory
Module32Next

user32

CharUpperA
CharUpperW
MessageBoxW
CharLowerW
GetSystemMenu
DeleteMenu
DrawMenuBar
SetTimer
DialogBoxIndirectParamA
KillTimer
OpenClipboard
EmptyClipboard
SetClipboardData
CharLowerA
FindWindowA
PostThreadMessageA
PeekMessageA
SetWindowTextA
ExitWindowsEx
GetMessageA
DispatchMessageA
TranslateMessage
EndDialog
SendDlgItemMessageA
DefWindowProcA
RegisterClassA
GetSystemMetrics
CreateWindowExA
InvalidateRect
BeginPaint
GetClientRect
EndPaint
CreateDialogParamA
ShowWindow
SetForegroundWindow
LoadIconA
SendMessageA
GetDlgItem
SetWindowTextW
SetDlgItemTextW
DestroyWindow
PostQuitMessage
UnregisterClassA
GetWindowRect
GetWindowLongA
EnumThreadWindows
wsprintfA
wvsprintfA
MessageBoxA
CloseClipboard

gdi32

SetDIBColorTable
SetStretchBltMode
StretchBlt
GetDIBColorTable
SelectObject
DeleteDC
CreateCompatibleDC
DeleteObject
CreateFontA
CreateDIBSection
GetObjectA

advapi32

RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
GetUserNameA
LookupPrivilegeValueA
AdjustTokenPrivileges
ImpersonateSelf
OpenThreadToken
OpenProcessToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RevertToSelf
FreeSid
RegQueryValueExA

shell32

ShellExecuteA

gdiplus

GdiplusShutdown
GdipDisposeImage
GdipFree
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdiplusStartup
GdipBitmapUnlockBits
GdipGetImagePixelFormat

msimg32

TransparentBlt
AlphaBlend

ole32

CreateStreamOnHGlobal

Exports

Exports

?PatchCallBack@@YGPAXIPAX@Z
?PostStaticInit@Debug@@CAXXZ
?PreStaticInit@Debug@@CAPAV1@XZ

Sections

.text
Size: 376KB - Virtual size: 375KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

STLPORT_
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

0cc4cc8629d241e63f4f7b62a76a8785

Headers

File Characteristics

Imports

comctl32

psapi

kernel32

user32

gdi32

advapi32

shell32

gdiplus

msimg32

ole32

Exports

Exports

Sections

.text Size: 376KB - Virtual size: 375KB

.rdata Size: 64KB - Virtual size: 60KB

.data Size: 12KB - Virtual size: 77KB

STLPORT_ Size: 4KB - Virtual size: 32B

.rsrc Size: 28KB - Virtual size: 26KB

.text
Size: 376KB - Virtual size: 375KB

.rdata
Size: 64KB - Virtual size: 60KB

.data
Size: 12KB - Virtual size: 77KB

STLPORT_
Size: 4KB - Virtual size: 32B

.rsrc
Size: 28KB - Virtual size: 26KB