Static task: static1
Behavioral task: behavioral1
Sample: Lxixxxx.exe
Resource: win7-20230220-en
General
Target: Lxixxxx.exe.bin
Size: 3.8MB
MD5: 66d9c9420d69991674c5ddd2e7767f74
SHA1: 856c51cdc2c779cff7b7b2e9ff410f5874b88ea5
SHA256: 475933d5a366f52fcf46423b47b3c42ea53c43174a42cab1b9f65db0785c71d0
SHA512: 0e44dfb5f60ac8c4781a35a297a99f1e7a62b3e18165581d7425ab947ed156970f5442cc35c8d85c41dadb8c09ee146f8280eb897378b2a516411fde1fe7bf99
SSDEEP: 49152:Nlsdz8EuPBVJiprvXSRzPuPj0g9480SOrQ7wGVhiXiyVvU1+8FTmlJs85nBxvsXH:XsdqV2vCR8QSOMSXD+FeJsXw
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: Lxixxxx.exe.bin
Files
Lxixxxx.exe.bin.exe (windows x64)
0fa6abd5edd1ea3b4502eeb25b682f8a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetCurrentThread
GetStdHandle
GetConsoleMode
WaitForSingleObject
WriteConsoleW
WaitForSingleObjectEx
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
RtlLookupFunctionEntry
GetModuleHandleW
FormatMessageW
GetTempPathW
GetModuleFileNameW
CreateFileW
GetFileInformationByHandleEx
GetFullPathNameW
GlobalUnlock
FindNextFileW
CreateDirectoryW
FindFirstFileW
ReleaseSRWLockExclusive
InitializeSListHead
IsProcessorFeaturePresent
GetFileInformationByHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
FindClose
CreateProcessW
GetFileAttributesW
DuplicateHandle
GetCurrentProcessId
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
GlobalFree
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetCurrentDirectoryW
RtlCaptureContext
AcquireSRWLockShared
ReleaseSRWLockShared
CopyFileExW
SleepConditionVariableSRW
Sleep
WakeConditionVariable
GetModuleHandleA
GlobalSize
GlobalLock
GlobalAlloc
MultiByteToWideChar
SetFileCompletionNotificationModes
CreateIoCompletionPort
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetTimeZoneInformation
RtlVirtualUnwind
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
FreeLibrary
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
UnhandledExceptionFilter
TryAcquireSRWLockExclusive
SwitchToThread
GetProcessHeap
WideCharToMultiByte
GetFinalPathNameByHandleW
SetLastError
HeapAlloc
PostQueuedCompletionStatus
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetCurrentProcess
GetProcAddress
LoadLibraryA
WakeAllConditionVariable
AcquireSRWLockExclusive
HeapReAlloc
GetSystemInfo
GetLastError
SetHandleInformation
IsDebuggerPresent
CloseHandle
GetQueuedCompletionStatusEx
SetUnhandledExceptionFilter
GetWindowsDirectoryW
TerminateProcess
SetFilePointerEx
HeapFree
ws2_32
ioctlsocket
WSASocketW
bind
listen
setsockopt
connect
getaddrinfo
WSASend
freeaddrinfo
WSAStartup
WSACleanup
recv
getsockopt
WSAIoctl
send
shutdown
accept
getsockname
WSAGetLastError
getpeername
socket
closesocket
crypt32
CertDuplicateStore
CryptUnprotectData
CertFreeCertificateContext
CertDuplicateCertificateContext
CertCloseStore
CertDuplicateCertificateChain
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertOpenStore
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
advapi32
CheckTokenMembership
RegQueryValueExW
AllocateAndInitializeSid
FreeSid
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExW
SystemFunction036
RegCloseKey
bcrypt
BCryptGenRandom
user32
EmptyClipboard
EnumDisplaySettingsExW
GetClipboardData
OpenClipboard
GetMonitorInfoW
CloseClipboard
SetClipboardData
EnumDisplayMonitors
ntdll
NtCreateFile
NtCancelIoFileEx
NtDeviceIoControlFile
RtlNtStatusToDosError
secur32
QueryContextAttributesW
FreeContextBuffer
DeleteSecurityContext
EncryptMessage
ApplyControlToken
FreeCredentialsHandle
AcceptSecurityContext
InitializeSecurityContextW
AcquireCredentialsHandleA
DecryptMessage
gdi32
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
StretchBlt
GetDIBits
GetObjectW
DeleteObject
GetDeviceCaps
CreateDCW
ole32
CoInitializeEx
CoInitializeSecurity
vcruntime140
memmove
memcmp
__current_exception_context
__current_exception
memset
__CxxFrameHandler3
strrchr
memcpy
__C_specific_handler
api-ms-win-crt-string-l1-1-0
strcmp
strncmp
strlen
strcspn
api-ms-win-crt-utility-l1-1-0
_rotl64
qsort
api-ms-win-crt-heap-l1-1-0
_msize
_set_new_mode
malloc
free
realloc
api-ms-win-crt-time-l1-1-0
_localtime64_s
api-ms-win-crt-math-l1-1-0
_dclass
log
__setusermatherr
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
exit
_initterm_e
_c_exit
_initterm
_cexit
_exit
_beginthreadex
_endthreadex
_initialize_onexit_table
__p___argv
_seh_filter_exe
_set_app_type
_register_onexit_function
__p___argc
terminate
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_crt_atexit
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 2.6MB - Virtual size: 2.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ