lumma | lumma_bytecode_test[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

lumma_bytecode_test.zip
Size

11.5MB
MD5

92c1e5e3711832537cb51355a1b9de99
SHA1

842cde9893436e947dc46f68212f157e5626d607
SHA256

e4bafd7a717d84b8eec74482330bc3ad2bbada09412169d59a48eecd7daaedae
SHA512

d7f6a486a3bd22e82564728e0981f1cd1f646738f558a33fdf3b74f3dfe27eff2cc2c958474ce3adbded998cd2800c01afc65abb26ef700d3fa82b7e7cd91269
SSDEEP

196608:FMxAspYie5HXqBvEHbtHRD89iUjU/FQvpKnsRMry8hSHoB8sXQIcVrHqd64sbskv:FMnCoBytHAUdqpKnmMry5IB8sXUbqdyv

Score

10^/10

vmprotect lumma

Malware Config

Signatures

Detect Lumma Stealer payload V2 1 IoCs

resource	yara_rule
static1/unpack001/55f94b2a4b51aed5b8cbd11fcf00431511dc2b94992419aa9c43e480f4308ea1	family_lumma_V2

Lumma family
lumma

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/47b9dad239cf3c013c33a9a11c226380ce116ab648e4656a8ee6ece9c5de975e	vmprotect

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/25b5b5de68e9e2695ec6979f0f3ec9f188245870a9fa979b31de039bdd19958d
unpack001/47b9dad239cf3c013c33a9a11c226380ce116ab648e4656a8ee6ece9c5de975e
unpack001/55f94b2a4b51aed5b8cbd11fcf00431511dc2b94992419aa9c43e480f4308ea1
unpack001/7cd22ca3d077e3422a5677452795d9024e3eb23dd700aebd83092d651dc98b05
unpack001/88bbd0f57e69711c2946e3c3212b95c4e8b92ef530eaa66204b322e2bc95a2ec
unpack001/8f44d889a1ae0efd6ea86e8a6c0edf3c32aaf5164f47fcc8f77a5bbf5daa823b
unpack001/9d7b26554a8056dcfc1e42a1643c526cbc9dc1a4e9e5c5f7d67d0e5ae5ecad16
unpack001/d3e16557e8e06f69240005429cc7440580fa11e4064699576a18d8dcddf1701a
unpack001/ea6ec9be3aea67056e4564a9b3ce8d6e92eda54db32e710043de98d7d65ffd54
unpack001/ed73681370e545e14bde32a792d1a1937acb9b83958c5c5e8b1451b55a2d7d6b

Files

lumma_bytecode_test.zip
.zip

Password: infected
25b5b5de68e9e2695ec6979f0f3ec9f188245870a9fa979b31de039bdd19958d
.exe windows:6 windows x86

94cd17a90636cb267d691bb44bc51094

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CompareStringW
CreateDirectoryW
CreateFileA
CreateFileW
CreateProcessW
DecodePointer
DeleteCriticalSection
DeleteFileW
EncodePointer
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameExA
GetComputerNameW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDriveTypeW
GetEnvironmentStringsW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetVolumeInformationW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
PeekNamedPipe
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
RtlUnwind
SetEndOfFile
SetEnvironmentVariableW
SetFilePointerEx
SetFileTime
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TzSpecificLocalTimeToSystemTime
UnhandledExceptionFilter
WideCharToMultiByte
WinExec
WriteConsoleW
WriteFile
lstrcatW
lstrcmpW
lstrcmpiW
lstrlenW

user32

EnumDisplayDevicesA
GetDC
GetDesktopWindow
GetSystemMetrics
ReleaseDC
SystemParametersInfoW
wsprintfW

advapi32

GetCurrentHwProfileW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
DeleteDC
DeleteObject
GetDIBits
GetObjectW
SelectObject

shlwapi

PathFileExistsW

winhttp

WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest

iphlpapi

GetAdaptersInfo

wininet

InternetQueryDataAvailable
InternetReadFile

crypt32

CryptStringToBinaryA

Sections

.text
Size: 421KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
47b9dad239cf3c013c33a9a11c226380ce116ab648e4656a8ee6ece9c5de975e
.exe windows:6 windows x86

6f1afb521158f9e8201d86952c5e32ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

EnumDisplayDevicesA
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

advapi32

GetCurrentHwProfileW

gdi32

BitBlt

shlwapi

PathFileExistsW

winhttp

WinHttpCloseHandle

iphlpapi

GetAdaptersInfo

wininet

InternetQueryDataAvailable

crypt32

CryptStringToBinaryA

wtsapi32

WTSSendMessageW

Sections

.text
Size: 424KB - Virtual size: 424KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
55f94b2a4b51aed5b8cbd11fcf00431511dc2b94992419aa9c43e480f4308ea1
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 353KB - Virtual size: 353KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7cd22ca3d077e3422a5677452795d9024e3eb23dd700aebd83092d651dc98b05
.exe windows:6 windows x86

94cd17a90636cb267d691bb44bc51094

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CompareStringW
CreateDirectoryW
CreateFileA
CreateFileW
CreateProcessW
DecodePointer
DeleteCriticalSection
DeleteFileW
EncodePointer
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameExA
GetComputerNameW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDriveTypeW
GetEnvironmentStringsW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetVolumeInformationW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
PeekNamedPipe
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
RtlUnwind
SetEndOfFile
SetEnvironmentVariableW
SetFilePointerEx
SetFileTime
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TzSpecificLocalTimeToSystemTime
UnhandledExceptionFilter
WideCharToMultiByte
WinExec
WriteConsoleW
WriteFile
lstrcatW
lstrcmpW
lstrcmpiW
lstrlenW

user32

EnumDisplayDevicesA
GetDC
GetDesktopWindow
GetSystemMetrics
ReleaseDC
SystemParametersInfoW
wsprintfW

advapi32

GetCurrentHwProfileW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
DeleteDC
DeleteObject
GetDIBits
GetObjectW
SelectObject

shlwapi

PathFileExistsW

winhttp

WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest

iphlpapi

GetAdaptersInfo

wininet

InternetQueryDataAvailable
InternetReadFile

crypt32

CryptStringToBinaryA

Sections

.text
Size: 424KB - Virtual size: 424KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
88bbd0f57e69711c2946e3c3212b95c4e8b92ef530eaa66204b322e2bc95a2ec
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 421KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8f44d889a1ae0efd6ea86e8a6c0edf3c32aaf5164f47fcc8f77a5bbf5daa823b
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 421KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9d7b26554a8056dcfc1e42a1643c526cbc9dc1a4e9e5c5f7d67d0e5ae5ecad16
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 428KB - Virtual size: 427KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d3e16557e8e06f69240005429cc7440580fa11e4064699576a18d8dcddf1701a
.exe windows:6 windows x86

b253374c3d14aae7859d7d92a03978fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CompareStringW
CreateFileA
CreateFileW
CreateProcessW
DecodePointer
DeleteCriticalSection
DeleteFileW
EncodePointer
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameExA
GetComputerNameW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDriveTypeW
GetEnvironmentStringsW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetVolumeInformationW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
PeekNamedPipe
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
RtlUnwind
SetEndOfFile
SetEnvironmentVariableW
SetFilePointerEx
SetFileTime
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TzSpecificLocalTimeToSystemTime
UnhandledExceptionFilter
WideCharToMultiByte
WinExec
WriteConsoleW
WriteFile
lstrcatW
lstrcmpW
lstrcmpiW
lstrlenW

user32

EnumDisplayDevicesA
GetDC
GetDesktopWindow
GetSystemMetrics
ReleaseDC
SystemParametersInfoW
wsprintfW

advapi32

GetCurrentHwProfileW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
DeleteDC
DeleteObject
GetDIBits
GetObjectW
SelectObject

winhttp

WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest

iphlpapi

GetAdaptersInfo

wininet

InternetQueryDataAvailable
InternetReadFile

crypt32

CryptStringToBinaryA

Sections

.text
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ea6ec9be3aea67056e4564a9b3ce8d6e92eda54db32e710043de98d7d65ffd54
.exe windows:6 windows x86

7e2df31d3619106ad25b94113e9b63d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CompareStringW
CreateFileA
CreateFileW
CreateProcessW
DecodePointer
DeleteCriticalSection
EncodePointer
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameExA
GetComputerNameW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDriveTypeW
GetEnvironmentStringsW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetVolumeInformationW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
PeekNamedPipe
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
RtlUnwind
SetEndOfFile
SetEnvironmentVariableW
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WideCharToMultiByte
WinExec
WriteConsoleW
WriteFile
lstrcatW
lstrcmpW
lstrcmpiW
lstrlenW

user32

EnumDisplayDevicesA
GetDC
GetDesktopWindow
GetSystemMetrics
ReleaseDC
SystemParametersInfoW
wsprintfW

advapi32

GetCurrentHwProfileW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
DeleteDC
DeleteObject
GetDIBits
GetObjectW
SelectObject

winhttp

WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest

iphlpapi

GetAdaptersInfo

wininet

InternetQueryDataAvailable
InternetReadFile

crypt32

CryptStringToBinaryA

Sections

.text
Size: 410KB - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ed73681370e545e14bde32a792d1a1937acb9b83958c5c5e8b1451b55a2d7d6b
.exe windows:6 windows x86

b253374c3d14aae7859d7d92a03978fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CompareStringW
CreateFileA
CreateFileW
CreateProcessW
DecodePointer
DeleteCriticalSection
DeleteFileW
EncodePointer
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameExA
GetComputerNameW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDriveTypeW
GetEnvironmentStringsW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetVolumeInformationW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
PeekNamedPipe
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
RtlUnwind
SetEndOfFile
SetEnvironmentVariableW
SetFilePointerEx
SetFileTime
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TzSpecificLocalTimeToSystemTime
UnhandledExceptionFilter
WideCharToMultiByte
WinExec
WriteConsoleW
WriteFile
lstrcatW
lstrcmpW
lstrcmpiW
lstrlenW

user32

EnumDisplayDevicesA
GetDC
GetDesktopWindow
GetSystemMetrics
ReleaseDC
SystemParametersInfoW
wsprintfW

advapi32

GetCurrentHwProfileW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
DeleteDC
DeleteObject
GetDIBits
GetObjectW
SelectObject

winhttp

WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest

iphlpapi

GetAdaptersInfo

wininet

InternetQueryDataAvailable
InternetReadFile

crypt32

CryptStringToBinaryA

Sections

.text
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

94cd17a90636cb267d691bb44bc51094

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

shlwapi

winhttp

iphlpapi

wininet

crypt32

Sections

.text Size: 421KB - Virtual size: 420KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 8KB - Virtual size: 8KB

.reloc Size: 9KB - Virtual size: 9KB

6f1afb521158f9e8201d86952c5e32ca

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

shlwapi

winhttp

iphlpapi

wininet

crypt32

wtsapi32

Sections

.text Size: 424KB - Virtual size: 424KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 12KB - Virtual size: 12KB

.vmp0 Size: 3.1MB - Virtual size: 3.1MB

.vmp1 Size: 5.7MB - Virtual size: 5.7MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 353KB - Virtual size: 353KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 6KB - Virtual size: 6KB

.reloc Size: 8KB - Virtual size: 7KB

94cd17a90636cb267d691bb44bc51094

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

shlwapi

winhttp

iphlpapi

wininet

crypt32

Sections

.text Size: 424KB - Virtual size: 424KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 12KB - Virtual size: 12KB

.reloc Size: 12KB - Virtual size: 12KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 421KB - Virtual size: 420KB

.text
Size: 421KB - Virtual size: 420KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 8KB - Virtual size: 8KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 424KB - Virtual size: 424KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 12KB - Virtual size: 12KB

.vmp0
Size: 3.1MB - Virtual size: 3.1MB

.vmp1
Size: 5.7MB - Virtual size: 5.7MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 353KB - Virtual size: 353KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 6KB - Virtual size: 6KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 424KB - Virtual size: 424KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 12KB - Virtual size: 12KB

.reloc
Size: 12KB - Virtual size: 12KB

.text
Size: 421KB - Virtual size: 420KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 8KB - Virtual size: 8KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 421KB - Virtual size: 420KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 8KB - Virtual size: 8KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 428KB - Virtual size: 427KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 8KB - Virtual size: 8KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 440KB - Virtual size: 440KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 12KB - Virtual size: 12KB

.reloc
Size: 12KB - Virtual size: 12KB

.text
Size: 410KB - Virtual size: 409KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 8KB - Virtual size: 8KB

.reloc
Size: 9KB - Virtual size: 8KB