lpremove[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

lpremove.exe
Size

56KB
MD5

c1c6a67fa093b4218e20d7339039f09c
SHA1

e61db7a6870d895fdb5402b0f80bb9beefc6cee8
SHA256

148b7b678fe8e74f8d92412b14eff11496d7b1ab7b8a548b327594f806df77af
SHA512

cbf7e71c910d0c497aa06f9a6eb805fd5bc35cc958112742ae0c012439381b8ca64fabd8d25b6280e210111d06a195b64c4b18a81c5378ff5ea801e1615481a7
SSDEEP

768:q67S3bre0GmpYMzKxFPhdMc4hID8bcoICZDMYDfUbcTv43bLTCXDp6rm08:q67L0Gm2bBQECVZDfUb1bfCXDp6rm08

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
lpremove.exe

Files

lpremove.exe
.exe windows x64

bc8b53a40e2042348c46e384fde1f769

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

EventWriteTransfer
EventRegister
EventUnregister
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteTreeW
RegDeleteKeyW
RegGetValueW
RegDeleteKeyExW
LookupAccountNameW
ConvertSidToStringSidW
RegEnumValueW
RegSetValueExW
AdjustTokenPrivileges
PrivilegeCheck
RegLoadKeyW
RegUnLoadKeyW
OpenProcessToken
LookupPrivilegeValueW

kernel32

IsDebuggerPresent
CloseHandle
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
GetWindowsDirectoryW
EnumUILanguagesW
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
LocalFree
GetModuleFileNameA
LocalAlloc
GetSystemPreferredUILanguages
GetModuleHandleExW
GetCurrentThreadId
GetModuleHandleW
DelayLoadFailureHook
ResolveDelayLoadedAPI
GetFileAttributesW
GetFileAttributesExW
FindClose
FindNextFileW
FindFirstFileW
GetProcAddress
DebugBreak
LocaleNameToLCID
HeapAlloc
OutputDebugStringW
FormatMessageW
HeapFree
GetLastError
GetProcessHeap

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_c_exit
_initterm
_register_thread_local_exe_atexit_callback
_initterm_e

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-private-l1-1-0

_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o___std_exception_destroy
_o__set_fmode
_o__set_new_mode
_o__wcsdup
_o__wcsicmp
_o__wgetenv_s
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
_CxxThrowException
_o___p__commode
_o___p___wargv
_o___std_exception_copy
_o___p___argc
__CxxFrameHandler3
wcschr
memcpy
memmove

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
TerminateProcess

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

bcp47langs

Bcp47GetMuiForm
GetUserLanguagesForUser

ntdll

WinSqmStartSession
WinSqmSetDWORD
WinSqmAddToStream
NtIsUILanguageComitted
RtlNtStatusToDosError
WinSqmEndSession

appxdeploymentclient

ord34
ord30

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc8b53a40e2042348c46e384fde1f769

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcp_win

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-security-sddl-l1-1-0

bcp47langs

ntdll

appxdeploymentclient

Sections

.text Size: 33KB - Virtual size: 32KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.didat Size: 512B - Virtual size: 96B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 120B

.text
Size: 33KB - Virtual size: 32KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.didat
Size: 512B - Virtual size: 96B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 120B