lgoogloader | 2007CBC9167DFE3456F5664F2D254F98A3166BFD7BFA8[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

2007CBC9167DFE3456F5664F2D254F98A3166BFD7BFA8.exe
Size

52KB
MD5

58b23b64c58d3ee911bbbb5d2e53a9a2
SHA1

079c5576d76948b98d33a24900c01f8153243d31
SHA256

2007cbc9167dfe3456f5664f2d254f98a3166bfd7bfa836af9e7b73f4c98971d
SHA512

045970aada208ae7e5b6d5d96454b7addc789fc8f7226b60a6f03bb98152ce4e95fdedd39f8e5244cba12334a2bd1e26fee4dbcd8129e43011c77c2bcbb7f7de
SSDEEP

384:apHtxa1VRFIpMn1W1TxtDF7YhZZgbzyOoBogB1lTf6/wtL9:apHtCQKMT3DFkPZkzy0g11f6oL9

Score

10^/10

lgoogloader

Malware Config

Signatures

Detects LgoogLoader payload 1 IoCs

resource	yara_rule
sample	family_lgoogloader

Lgoogloader family
lgoogloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2007CBC9167DFE3456F5664F2D254F98A3166BFD7BFA8.exe

Files

2007CBC9167DFE3456F5664F2D254F98A3166BFD7BFA8.exe
.exe windows x86

0b7c87726727704c0bbed769ae7a97d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
TerminateProcess
GetCurrentProcess
GetTempPathW
CreateFileW
SetFilePointer
WriteFile
FlushFileBuffers
MoveFileExW
GetThreadContext
VirtualQueryEx
WriteProcessMemory
ReadProcessMemory
VirtualAllocEx
SetThreadContext
ResumeThread
GetProcAddress
GetModuleHandleW
Sleep
LoadLibraryA
GetFileSize
ReadFile
GetModuleHandleA
VirtualQuery
CreateDirectoryW
GetLongPathNameW
GetSystemTimeAsFileTime
lstrcatA
SetFileInformationByHandle
GetLastError
lstrcpyA
DeviceIoControl
MultiByteToWideChar
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CloseHandle
CreateProcessW
DeleteFileW
HeapFree
GetProcessHeap
GetSystemDirectoryA
HeapAlloc
IsProcessorFeaturePresent

user32

wsprintfW
EnumDisplayDevicesA

advapi32

RegQueryValueExW
RegQueryValueExA
RegEnumKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey

ole32

CoCreateGuid

shlwapi

StrStrIW
StrStrIA
PathFileExistsW
StrCatW
PathAppendW
PathAppendA
StrStrA
StrNCatA

wininet

HttpQueryInfoW
HttpSendRequestW
InternetSetOptionW
HttpAddRequestHeadersW
InternetReadFile
InternetCloseHandle
InternetCrackUrlW
InternetOpenW
InternetConnectW
InternetQueryOptionW
HttpOpenRequestW

urlmon

URLDownloadToFileW

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b7c87726727704c0bbed769ae7a97d4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shlwapi

wininet

urlmon

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 13KB

.gfids Size: 4KB - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 816B

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 13KB

.gfids
Size: 4KB - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 816B