Lcx[.]exe | Triage

Sharing

General

Target

Lcx.exe
Size

56KB
MD5

fb6bf74c6c1f2482e914816d6e97ce09
SHA1

44abf440211f399dc9aa3b05748f229d5564227f
SHA256

8bb649b27fb9c748e283a97c2006e3b5c3c19c55dd4efce2387c65e83c8f5e97
SHA512

b7cbdea7219bf349a5216ec6447bf6110fa3e6f43bd55cb3e1dabc657bb1fad2fd22de7373e48a2c343573f1fc9d2f6b204d85ccf5e8b26f15de632d57718e2b
SSDEEP

768:cyStZ/yOrFyUnalQ2RIDZBO9k9qpHZ8IRi8aywAAaAoD:cPZ/8UuLqqpWIRYpnoD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Lcx.exe

Files

Lcx.exe
.exe windows x86

c75594581a68193ba06e0d9ae6113547

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateThread
Sleep
CreateThread
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
IsBadWritePtr
VirtualAlloc
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
SetStdHandle
HeapSize
HeapReAlloc
HeapFree
VirtualFree
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
RtlUnwind
GetLastError
CloseHandle
WriteFile
ReadFile
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FlushFileBuffers
HeapAlloc
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate

ws2_32

gethostbyname
connect
inet_addr
getpeername
ntohs
recv
select
__WSAFDIsSet
send
closesocket
htons
htonl
setsockopt
bind
listen
socket
accept
inet_ntoa
WSAStartup

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE