luca-old[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

luca-old.exe
Size

4.3MB
MD5

3e854a7922eebba615e2a1bae0567930
SHA1

c8584a596a18ffbc38fb37fcb5947a0db9c18222
SHA256

4a5fb7a946d87e2dc5a6dae62fedc293467831e41a62527656bdf7e2f2e06dcd
SHA512

aa4072c7a81c3046b45e1a9f21e8822259bbcedb5496bfc49c0e36cce5f57394900633031a68847acac995ae418ae9123f7381e3576fcd36e20a65528c318626
SSDEEP

49152:k+/f+zJQnlqF6qvNmXeRZAt+V6WyxH66KhA+f6vCOVRs2VGF9/b00VgRqOisYbkm:/qFDvQXGwRs2E9UChVGcHvfFq63

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
luca-old.exe

Files

luca-old.exe
.exe windows:6 windows x64

410d97830da07cc9b7f095311673b456

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
RtlLookupFunctionEntry
GetModuleHandleW
FormatMessageW
GetTempPathW
GetModuleFileNameW
CreateFileW
GetFileInformationByHandleEx
GetFullPathNameW
SetFilePointerEx
FindNextFileW
CreateDirectoryW
FindFirstFileW
FindClose
GetProcAddress
GetModuleHandleA
WakeAllConditionVariable
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
CreateEventW
CancelIo
ReadFile
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetCurrentDirectoryW
GetSystemInfo
AcquireSRWLockShared
ReleaseSRWLockShared
CopyFileExW
SleepConditionVariableSRW
SetHandleInformation
WakeConditionVariable
SetThreadStackGuarantee
RtlPcToFileHeader
RtlUnwindEx
PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
AddVectoredExceptionHandler
FreeLibrary
SetFileCompletionNotificationModes
CreateIoCompletionPort
IsDebuggerPresent
EncodePointer
RaiseException
RtlVirtualUnwind
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
WideCharToMultiByte
SystemTimeToFileTime
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
Sleep
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetFinalPathNameByHandleW
SetLastError
InitializeSListHead
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
IsProcessorFeaturePresent
SwitchToThread
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetCurrentThread
TlsSetValue
HeapReAlloc
GetProcessHeap
UnhandledExceptionFilter
HeapAlloc
TerminateProcess
CloseHandle
GetLastError
TryAcquireSRWLockExclusive
SetUnhandledExceptionFilter
GetExitCodeProcess
DeleteFileW
TlsFree
WaitForSingleObject
GetOverlappedResult
WaitForMultipleObjects
GetFileInformationByHandle
RtlCaptureContext
LoadLibraryExW
HeapFree

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayDestroy
SysAllocStringLen
SysStringLen
GetErrorInfo
VariantClear
SafeArrayGetLBound
SafeArrayGetUBound
SysFreeString

crypt32

CertDuplicateCertificateContext
CertOpenStore
CertEnumCertificatesInStore
CryptUnprotectData
CertAddCertificateContextToStore
CertDuplicateStore
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertDuplicateCertificateChain
CertGetCertificateChain
CertFreeCertificateContext
CertCloseStore

user32

EnumDisplaySettingsExW
GetMonitorInfoW
EnumDisplayMonitors

ws2_32

WSASend
setsockopt
ioctlsocket
WSASocketW
bind
socket
listen
shutdown
recv
WSACleanup
WSAStartup
closesocket
WSAIoctl
getaddrinfo
getsockopt
connect
getsockname
WSAGetLastError
getpeername
freeaddrinfo
accept
send

ntdll

NtWriteFile
NtCancelIoFileEx
NtCreateFile
NtDeviceIoControlFile
NtReadFile
RtlNtStatusToDosError

bcrypt

BCryptGenRandom

advapi32

RegOpenKeyExW
RegCloseKey
CheckTokenMembership
FreeSid
RegQueryValueExW
SystemFunction036
AllocateAndInitializeSid

secur32

AcceptSecurityContext
DeleteSecurityContext
ApplyControlToken
AcquireCredentialsHandleA
FreeCredentialsHandle
FreeContextBuffer
EncryptMessage
InitializeSecurityContextW
QueryContextAttributesW
DecryptMessage

ole32

CoInitializeEx
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity

gdi32

GetDeviceCaps
DeleteDC
DeleteObject
GetObjectW
CreateCompatibleDC
CreateDCW
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
StretchBlt
GetDIBits

api-ms-win-crt-string-l1-1-0

strcspn
strlen
strcmp
wcsncmp
strcpy_s
strncmp

api-ms-win-crt-math-l1-1-0

_dclass
pow
__setusermatherr
log

api-ms-win-crt-heap-l1-1-0

malloc
realloc
free
_set_new_mode
calloc
_msize

api-ms-win-crt-utility-l1-1-0

qsort
_rotl64

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

__p___argv
_register_thread_local_exe_atexit_callback
__p___argc
_exit
exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_initterm_e
_initterm
_get_initial_narrow_environment
terminate
abort
_initialize_narrow_environment
_cexit
_configure_narrow_argv
_set_app_type
_seh_filter_exe
_endthreadex
_beginthreadex
_c_exit

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

410d97830da07cc9b7f095311673b456

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

crypt32

user32

ws2_32

ntdll

bcrypt

advapi32

secur32

ole32

gdi32

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 24KB - Virtual size: 27KB

.pdata Size: 70KB - Virtual size: 70KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 29KB - Virtual size: 29KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 24KB - Virtual size: 27KB

.pdata
Size: 70KB - Virtual size: 70KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 29KB - Virtual size: 29KB