ludusavi[.]exe

Resubmissions

11/06/2023, 00:35

230611-axqksagb49 3

11/06/2023, 00:34

230611-awt7ksgh4w 3

Sharing

Copy URL Twitter E-mail

General

Target

ludusavi.exe
Size

14.2MB
MD5

cef90f4178bdaffc16ec51a0bed1ec96
SHA1

b7b2e97eb579545ec55ed4b83212f75620f892c8
SHA256

9b66e9c09b383cf6c4bdb24090f13c968e95b8f6135925c802600363696c7861
SHA512

315a8eb72ad3c3981e323abe32b658be4d5c5909bad4b3d381e6b68ef13a7453b2cf5f751cad9f20d544a62572fa14db5d9cb0ade3b55495f3bf4fd91b0ae15a
SSDEEP

98304:PvuugFov/MW3kmM+4TWFNYTj43ITvyVrqnRLcBQj+YmDExSjuN:PpMw4kYErqnRLcBQjSGT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ludusavi.exe

Files

ludusavi.exe
.exe windows x64

e6ba5ab91241cb2b998e8f848932d930

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCurrentThreadId
EncodePointer
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
TlsAlloc
GetConsoleOutputCP
FindFirstFileExW
IsValidCodePage
UnhandledExceptionFilter
TlsFree
EnterCriticalSection
GetACP
ReleaseSRWLockShared
AcquireSRWLockShared
TryAcquireSRWLockExclusive
GetConsoleMode
GetStdHandle
GetFileType
GetFileInformationByHandleEx
CreateFileW
SetConsoleMode
GetLastError
GetOEMCP
LoadLibraryExW
GetProcAddress
FreeLibrary
GetCPInfo
RtlVirtualUnwind
SetConsoleCtrlHandler
lstrlenW
GetSystemTimeAsFileTime
TlsSetValue
TlsGetValue
CreateThread
ReadConsoleW
WriteConsoleW
SetFileAttributesW
MoveFileExW
FileTimeToSystemTime
SetStdHandle
GetStringTypeW
AcquireSRWLockExclusive
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetCommandLineA
SetFileTime
GetFileAttributesW
CreateProcessW
GetSystemDirectoryW
WaitForMultipleObjects
FlsAlloc
FlsGetValue
FlsSetValue
LoadLibraryW
CreateNamedPipeW
GetModuleHandleW
GetFullPathNameW
GetModuleHandleExW
GetModuleFileNameW
SetThreadErrorMode
ExitProcess
Sleep
FormatMessageW
CancelIo
CreateEventW
GlobalLock
GlobalSize
CopyFileExW
GlobalAlloc
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
FlsFree
DeleteFileW
FindFirstFileW
GlobalUnlock
GetFinalPathNameByHandleW
GetWindowsDirectoryW
GetFileInformationByHandle
CompareStringW
CreateDirectoryW
FindNextFileW
CreateMutexA
WaitForSingleObjectEx
HeapReAlloc
HeapFree
GetProcessHeap
LoadLibraryA
HeapAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
WakeConditionVariable
WakeAllConditionVariable
TerminateProcess
GetExitCodeProcess
WaitForSingleObject
ReadFileEx
SleepEx
WriteFileEx
SetFilePointerEx
DuplicateHandle
SetFileInformationByHandle
FlushFileBuffers
GetCommandLineW
ReleaseSRWLockExclusive
SetEnvironmentVariableW
GetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThread
GetCurrentProcess
SwitchToThread
SetThreadStackGuarantee
LCMapStringW
AddVectoredExceptionHandler
GetTimeZoneInformation
GetModuleHandleA
SleepConditionVariableSRW
CompareStringOrdinal
FindClose
ReleaseMutex
FreeEnvironmentStringsW
CloseHandle
SetConsoleTextAttribute
GetSystemInfo
ReadConsoleInputW
GetNumberOfConsoleInputEvents
SetHandleInformation
SetConsoleCursorInfo
GetCurrentProcessId
GetConsoleCursorInfo
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
SetFileCompletionNotificationModes
WriteFile
GetOverlappedResult
ReadFile
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
HeapSize

user32

IsProcessDPIAware
GetWindowRect
GetRawInputData
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
GetKeyState
ShowCursor
ClipCursor
GetClipCursor
ClientToScreen
GetMessageW
AdjustWindowRectEx
GetMenu
GetWindowLongW
ShowWindow
SetWindowLongW
SendMessageW
CreateIcon
DestroyIcon
SetForegroundWindow
SendInput
MapVirtualKeyW
LoadCursorW
MapVirtualKeyA
TranslateMessage
SystemParametersInfoA
SetCapture
DispatchMessageW
RegisterClassExW
MsgWaitForMultipleObjectsEx
CreateWindowExW
RegisterRawInputDevices
GetWindowLongPtrW
RegisterWindowMessageA
FlashWindowEx
SetClipboardData
EmptyClipboard
GetClipboardData
InvalidateRgn
CloseClipboard
OpenClipboard
GetClassInfoExW
GetClassNameW
GetDC
SetWindowPos
GetMonitorInfoW
MonitorFromWindow
GetCursorPos
MonitorFromRect
ScreenToClient
DestroyWindow
CloseTouchInputHandle
PostMessageW
PostThreadMessageW
GetSystemMetrics
GetTouchInputInfo
TrackMouseEvent
MonitorFromPoint
RegisterTouchWindow
GetActiveWindow
GetClientRect
SetCursor
GetUpdateRect
PeekMessageW
ReleaseCapture
DefWindowProcW
IsWindowVisible
ChangeDisplaySettingsExW
RedrawWindow
ValidateRect
SetWindowTextW
GetForegroundWindow
SetWindowPlacement
GetWindowPlacement
SetWindowLongPtrW

opengl32

wglGetProcAddress
wglGetCurrentContext
wglDeleteContext
wglShareLists
wglCreateContext
wglGetCurrentDC
wglMakeCurrent

ole32

OleInitialize
CoTaskMemFree
CoInitializeEx
CoCreateInstance
RevokeDragDrop
CoUninitialize
RegisterDragDrop

gdi32

SwapBuffers
GetDeviceCaps
DeleteObject
SetPixelFormat
CreateRectRgn
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat

dwmapi

DwmEnableBlurBehindWindow

advapi32

RegCloseKey
RegEnumValueW
RegEnumKeyExW
RegQueryValueExW
SystemFunction036
GetUserNameW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW

ws2_32

getaddrinfo
getpeername
getsockname
freeaddrinfo
WSACleanup
WSAStartup
closesocket
WSASocketW
bind
connect
ioctlsocket
getsockopt
shutdown
recv
send
WSASend
setsockopt
WSAIoctl
WSAGetLastError

shell32

SHCreateItemFromParsingName
ShellExecuteW
SHGetKnownFolderPath
DragQueryFileW
DragFinish

winmm

timeBeginPeriod
timeGetDevCaps
timeEndPeriod

uxtheme

SetWindowTheme

imm32

ImmGetContext
ImmGetCompositionStringW
ImmReleaseContext
ImmAssociateContextEx

ntdll

RtlNtStatusToDosError
NtCancelIoFileEx
NtReadFile
NtDeviceIoControlFile
NtWriteFile
NtCreateFile

bcrypt

BCryptGenRandom

Sections

.text
Size: 9.1MB - Virtual size: 9.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 442KB - Virtual size: 441KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

e6ba5ab91241cb2b998e8f848932d930

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

opengl32

ole32

gdi32

dwmapi

advapi32

ws2_32

shell32

winmm

uxtheme

imm32

ntdll

bcrypt

Sections

.text Size: 9.1MB - Virtual size: 9.1MB

.rdata Size: 4.6MB - Virtual size: 4.6MB

.data Size: 21KB - Virtual size: 27KB

.pdata Size: 442KB - Virtual size: 441KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 59KB - Virtual size: 59KB

.text
Size: 9.1MB - Virtual size: 9.1MB

.rdata
Size: 4.6MB - Virtual size: 4.6MB

.data
Size: 21KB - Virtual size: 27KB

.pdata
Size: 442KB - Virtual size: 441KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 59KB - Virtual size: 59KB