Lpm[.]exe[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Lpm.exe.7z
Size

69.4MB
MD5

ca58862ac598d0fe2fa4f5b3d7f3ec2b
SHA1

a022f55ac93df128e245cd62076367a7d1297800
SHA256

d98c3e447e1ae24c92183baa4a648b2273f715948eb48bc4c07bdb1b0830f9ec
SHA512

d07768edba618c81d41a901fb89479584da71a3cb6b421683c4ff18aee63361839f57281738537eb4b5cd30f1394fdb0eb4951a5243cd40635548891364bfbcf
SSDEEP

1572864:szDnsO3tqM7+40+851GG2GKRTjMj0Pt5J2w2UFA:I9qM7s5152dFooPt5YdK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Lpm.exe

Files

Lpm.exe.7z
.7z

Password: infected
Lpm.exe
.exe windows:4 windows x64

96c44fa1eee2c4e9b9e77d7bf42d59e6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

winmm

timeEndPeriod
timeBeginPeriod

ws2_32

WSAGetOverlappedResult

kernel32

WriteFile
WriteConsoleW
WaitForSingleObject
VirtualFree
VirtualAlloc
SwitchToThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
LoadLibraryA
LoadLibraryW
GetSystemInfo
GetStdHandle
GetQueuedCompletionStatus
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 9.7MB - Virtual size: 9.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 67.6MB - Virtual size: 67.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 1022B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE