General
-
Target
mlwws..bin
-
Size
316KB
-
MD5
ef7e0674ffd0e3c9fda45b66298da09f
-
SHA1
4e535ff7b9874cf437fa004e9a34c2b42110be74
-
SHA256
7dec439f7902ab0cc9faae9174dfb425b38c8bd21e9bfb5a50156bd8dfb6ddc6
-
SHA512
71fed17546ed934d5fb0852a118c6da71bf51c7e270640350c0283fc72d3b61883a01a422402b9c1bef6a04826985e87e687d97d5a55e0060ca76ff0911630ad
-
SSDEEP
6144:oIh0zAu3vOiefUQH3PDKcL90ICtZRIfNJcqTJt2e83Kvixc9Ai9kNND80:o+0cu3vOiX0qIsZRIfjcqdt2e83KSL5N
Malware Config
Extracted
lumma
195.123.227.138
Signatures
-
Lumma family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource mlwws..bin
Files
-
mlwws..bin.exe windows x86
f4ad1b5fcf2cae19f0918ba11a4e52c9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
CompareStringW
CreateFileW
DecodePointer
DeleteCriticalSection
EncodePointer
EnterCriticalSection
ExitProcess
FindAtomA
FindAtomW
FindClose
FindFirstFileExW
FindNextFileW
FindResourceA
FindResourceW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameA
GetComputerNameW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetFileSizeEx
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessId
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTickCount64
GetTimeZoneInformation
GetUserDefaultLangID
GetUserDefaultUILanguage
HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
OpenMutexA
OpenMutexW
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
RtlUnwind
SetEndOfFile
SetEnvironmentVariableW
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualQuery
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrcatW
lstrcmpW
lstrcmpiW
lstrlenW
advapi32
GetUserNameW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
user32
EnumDisplayDevicesA
FindWindowA
FindWindowW
GetActiveWindow
GetCursorPos
GetDC
GetDesktopWindow
GetForegroundWindow
GetSystemMetrics
ReleaseDC
SystemParametersInfoW
wsprintfW
gdi32
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
DeleteDC
DeleteObject
GetDIBits
GetObjectW
SelectObject
Sections
.text Size: 255KB - Virtual size: 254KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 49KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.voltbl Size: 512B - Virtual size: 162B
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ