lgoogloader | 62885-AKexe_unpack[.]exe

Resubmissions

04-07-2023 14:30

230704-rvlmgsdh94 10

Sharing

Copy URL

Twitter E-mail

General

Target

62885-AKexe_unpack.exe
Size

52KB
MD5

d64d2a6996ec322d2c4515f7c951b0fe
SHA1

64838a0cb3eea580b4982ed528cb14a1d81c5c45
SHA256

6f12098021d566fc2e051f23298a80b0cdb87fcaf53c09b6214d1d1169890a78
SHA512

b021da30568a92de64dfb251d0ad9537c1c3e6bf99304b8e7fab23907846f3cdf097b20da176312f81a18de0efead2f9a041a6e9f97efefc3ab8a01617991aa0
SSDEEP

384:UEatctO/J1FQmhegREcwPrB/WI3m+SZZobzyOABogB1lTf6/wtmr:UEatwKrCsvEDPrB/WjZszycg11f6omr

Score

10^/10

lgoogloader

Malware Config

Signatures

Detects LgoogLoader payload 1 IoCs

resource	yara_rule
sample	family_lgoogloader

Lgoogloader family
lgoogloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
62885-AKexe_unpack.exe

Files

62885-AKexe_unpack.exe
.exe windows x86

0b7c87726727704c0bbed769ae7a97d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
TerminateProcess
GetCurrentProcess
GetTempPathW
CreateFileW
SetFilePointer
WriteFile
FlushFileBuffers
MoveFileExW
GetThreadContext
VirtualQueryEx
WriteProcessMemory
ReadProcessMemory
VirtualAllocEx
SetThreadContext
ResumeThread
GetProcAddress
GetModuleHandleW
Sleep
LoadLibraryA
GetFileSize
ReadFile
GetModuleHandleA
VirtualQuery
CreateDirectoryW
GetLongPathNameW
GetSystemTimeAsFileTime
lstrcatA
SetFileInformationByHandle
GetLastError
lstrcpyA
DeviceIoControl
MultiByteToWideChar
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CloseHandle
CreateProcessW
DeleteFileW
HeapFree
GetProcessHeap
GetSystemDirectoryA
HeapAlloc
IsProcessorFeaturePresent

user32

wsprintfW
EnumDisplayDevicesA

advapi32

RegQueryValueExW
RegQueryValueExA
RegEnumKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey

ole32

CoCreateGuid

shlwapi

StrStrIW
StrStrIA
PathFileExistsW
StrCatW
PathAppendW
PathAppendA
StrStrA
StrNCatA

wininet

HttpQueryInfoW
HttpSendRequestW
InternetSetOptionW
HttpAddRequestHeadersW
InternetReadFile
InternetCloseHandle
InternetCrackUrlW
InternetOpenW
InternetConnectW
InternetQueryOptionW
HttpOpenRequestW

urlmon

URLDownloadToFileW

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

0b7c87726727704c0bbed769ae7a97d4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shlwapi

wininet

urlmon

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 13KB

.gfids Size: 512B - Virtual size: 4B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 816B

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 13KB

.gfids
Size: 512B - Virtual size: 4B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 816B