LYFWHHO_loader[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

LYFWHHO_loader.exe
Size

1.5MB
MD5

d53bba926975a93814a2300ad8d82667
SHA1

41c5ee0abe28d8299b69086a4e7be76df887a4a4
SHA256

7d30ec336a3f7872746fac0978c2d14abba1f38b39f5aa9a0edd46c69745dc46
SHA512

90a6d80b37b71393c75a185310d1dbef5ca54b29e6b6ba96d8723424d73393e27ac996fc637a5f5e41a9769d78a66ee5628ba5bad6e2bfac2415754c2ded8ac8
SSDEEP

24576:1zrehpthZC5jW1KnBejliWyr3Rek5Jah0lhSMXlMmo3nzscKfJk:1zr4tHMi1KBejliJ3TJ3XEnMO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
LYFWHHO_loader.exe

Files

LYFWHHO_loader.exe
.exe windows:6 windows x64

d1438e38bdf567cbc6f43d481d49b3c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3dx9_43

D3DXCreateTextureFromFileInMemory

ws2_32

htons
recv
connect
WSAStartup
inet_addr
send
socket

ntdll

ZwCreateThreadEx
NtCreateThreadEx
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlUnwind

kernel32

TerminateProcess
WaitForSingleObject
GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CloseHandle
GetProcAddress
VirtualAllocEx
VirtualFreeEx
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
FreeLibrary
QueryPerformanceCounter
Sleep
DebugBreak
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
GetLastError
HeapSize
HeapReAlloc
ReadConsoleW
GetCurrentProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
GetFileType
HeapAlloc
HeapFree
WriteFile
GetStdHandle
GetModuleFileNameW
ReadFile
ExitProcess
FreeLibraryAndExitThread
ExitThread
CreateThread
DeleteFileW
LoadLibraryExW
TlsFree
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
TlsSetValue
TlsGetValue
GetTimeZoneInformation
WriteProcessMemory
SetStdHandle
WriteConsoleW
TlsAlloc
SetLastError
InterlockedPushEntrySList
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
CreateEventW
FormatMessageA
LocalFree
GetLocaleInfoEx
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
SetEndOfFile
GetTempPathW
AreFileApisANSI
GetFileInformationByHandleEx
GetCurrentThreadId
WaitForSingleObjectEx
GetModuleHandleExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsProcessorFeaturePresent
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeSRWLock
TryAcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
GetSystemTimeAsFileTime
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent

user32

MoveWindow
GetSystemMetrics
SetWindowRgn
GetWindowRect
DefWindowProcW
SetClipboardData
GetClipboardData
EmptyClipboard
SetCursorPos
CloseClipboard
OpenClipboard
GetCursorPos
FindWindowW
GetKeyState
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
GetClientRect
IsWindowUnicode
ReleaseCapture
PostQuitMessage

gdi32

CreateRoundRectRgn

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

d3d9

Direct3DCreate9

iphlpapi

GetAdaptersInfo

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

Sections

.text
Size: 1010KB - Virtual size: 1009KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 349KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 115KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fat
Size: 512B - Virtual size: 30B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1438e38bdf567cbc6f43d481d49b3c2

Headers

DLL Characteristics

File Characteristics

Imports

d3dx9_43

ws2_32

ntdll

kernel32

user32

gdi32

advapi32

d3d9

iphlpapi

imm32

Sections

.text Size: 1010KB - Virtual size: 1009KB

.rdata Size: 349KB - Virtual size: 348KB

.data Size: 115KB - Virtual size: 128KB

.pdata Size: 39KB - Virtual size: 39KB

_RDATA Size: 512B - Virtual size: 348B

.fat Size: 512B - Virtual size: 30B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 1010KB - Virtual size: 1009KB

.rdata
Size: 349KB - Virtual size: 348KB

.data
Size: 115KB - Virtual size: 128KB

.pdata
Size: 39KB - Virtual size: 39KB

_RDATA
Size: 512B - Virtual size: 348B

.fat
Size: 512B - Virtual size: 30B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 8KB - Virtual size: 8KB