Malware-Lua-1[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Malware-Lua-1.zip
Size

176KB
MD5

2a0865b279a1ba5bb9507e179eb68a59
SHA1

9f284dc5cec8bcadbee536592d372f3da3a77fa3
SHA256

66a9a205fb773fe766a08b1acf8f71d0ce77d5c837fb000ca96a768a24a2873d
SHA512

d23cdad99eaea86aec01f096d1b6cc5e88359b983a6764218637792bfd158c456407cd13c3466315c0d95fa3f7e19c8fb66e767dcb1b4065cd2fc6a7259e9f57
SSDEEP

3072:xPyUbIbnoEgGgwTz2DfTanR8dr0S++5dglcgumlDswnJ8DJVpfzexf8Y/pBOd1XS:p7GRzo0auCfghJ8Zfzev/LMaC8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/meltdown.exe

Files

Malware-Lua-1.zip
.zip
Lometsim.ini
Run-Lua-1.bat
meltdown.exe
.exe windows:4 windows x86

07eb46c737220d993860bfd9ea99f600

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

sensapi

IsNetworkAlive

advapi32

AdjustTokenPrivileges
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptGenRandom
CryptGetHashParam
CryptHashData
CryptImportKey
CryptReleaseContext
CryptSetKeyParam
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegDeleteKeyValueW
RegDeleteTreeW
RegGetValueW
RegOpenKeyExW
RegSetKeyValueW

comctl32

DefSubclassProc
ImageList_Create
ImageList_Destroy
ImageList_GetIcon
ImageList_GetImageCount
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetImageCount
InitCommonControlsEx
RemoveWindowSubclass
SetWindowSubclass

comdlg32

ChooseColorA
ChooseFontW
GetOpenFileNameW
GetSaveFileNameW

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFindExtension
CertFreeCertificateContext
CertOpenStore
CryptBinaryToStringA
CryptDecodeObjectEx
CryptStringToBinaryA
PFXImportCertStore

dnsapi

DnsFree
DnsQuery_A

dwmapi

DwmGetWindowAttribute

gdi32

AddFontResourceExW
CreateBitmap
CreateDIBSection
CreateFontIndirectW
CreateSolidBrush
DeleteObject
EnumFontFamiliesExW
ExtFloodFill
GetDeviceCaps
GetObjectA
GetObjectW
GetStockObject
RemoveFontResourceW
SelectObject
SetBkMode
SetTextColor

iphlpapi

GetAdaptersAddresses

kernel32

AllocConsole
Beep
CloseHandle
CompareFileTime
CopyFileW
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
CreatePipe
CreateProcessW
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FindClose
FindFirstFileW
FindNextFileW
FormatMessageA
FreeLibrary
GetConsoleCursorInfo
GetConsoleDisplayMode
GetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleTitleW
GetConsoleWindow
GetCurrentConsoleFontEx
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetExitCodeProcess
GetFileAttributesW
GetFileSize
GetFileSizeEx
GetFileTime
GetFullPathNameW
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathW
GetTickCount64
GetTickCount
GetTimeFormatW
GlobalAlloc
GlobalLock
GlobalUnlock
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalAlloc
LocalFree
MoveFileW
MulDiv
MultiByteToWideChar
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleInputA
ReadConsoleInputW
ReadConsoleW
ReadFile
RemoveDirectoryW
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleDisplayMode
SetConsoleMode
SetConsoleOutputCP
SetConsoleScreenBufferSize
SetConsoleTextAttribute
SetConsoleTitleW
SetCurrentConsoleFontEx
SetCurrentDirectoryW
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleInformation
SetLastError
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

___mb_cur_max_func
__argc
__doserrno
__getmainargs
__initenv
__lconv_init
__p___argv
__p__acmdln
__p__fmode
__pioinfo
__set_app_type
__setusermatherr
__wgetmainargs
_amsg_exit
_cexit
_errno
_exit
_filelengthi64
_fileno
_get_osfhandle
_initterm
_iob
_kbhit
_localtime64
_lock
_lseeki64
_onexit
_setjmp3
_setmode
_snprintf
_snwprintf
_strdup
_telli64
_time64
_unlock
_vsnprintf
_waccess
_wcsdup
_wcsdup
_wfopen
_wfopen_s
_wfreopen_s
_wgetenv
_wputenv
_wremove
_write
_wstat64
_wutime
abort
abs
acos
asin
atoi
clock
calloc
cosh
exit
fclose
feof
ferror
fflush
fgetpos
fgets
fgetwc
fgetws
fopen
fprintf
fputc
fputs
fputwc
fputws
fread
free
freopen
frexp
fseek
fsetpos
fwprintf
fwrite
getc
getenv
isalnum
isdigit
iswctype
localeconv
log10
longjmp
malloc
memchr
mktime
memcmp
memcpy
memmove
memset
printf
puts
raise
realloc
setlocale
setvbuf
signal
sinh
sscanf
strchr
strcmp
strcoll
strcpy
strerror
strlen
strncmp
strncpy
strrchr
strpbrk
strspn
strstr
time
tan
tanh
toupper
vfprintf
wcschr
wcscmp
wcscpy
wcslen
wcsncpy

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VarDateFromStr
VariantChangeType
VariantClear
VariantInit
VariantTimeToSystemTime

secur32

AcceptSecurityContext
AcquireCredentialsHandleA
DecryptMessage
DeleteSecurityContext
EncryptMessage
FreeContextBuffer
FreeCredentialsHandle
InitializeSecurityContextA
QueryContextAttributesA

shell32

DuplicateIcon
ExtractIconExW
SHBrowseForFolderW
SHFileOperationW
SHGetFileInfoW
SHGetMalloc
SHGetPathFromIDListW
Shell_NotifyIconW

shlwapi

PathFindExtensionW
PathFindFileNameA
PathFindFileNameW
PathIsRelativeW
PathRemoveFileSpecW

user32

AdjustWindowRectEx
AppendMenuW
BeginPaint
BringWindowToTop
CallWindowProcA
CharLowerBuffW
CharUpperBuffW
ChildWindowFromPoint
CloseClipboard
CopyAcceleratorTableW
CreateAcceleratorTableW
CreateIconFromResourceEx
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExW
DefWindowProcA
DeleteMenu
DestroyAcceleratorTable
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageW
DrawMenuBar
DrawTextW
EmptyClipboard
EnableWindow
EndPaint
EnumChildWindows
ExitWindowsEx
FillRect
GetActiveWindow
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetFocus
GetForegroundWindow
GetKeyboardLayout
GetMenuItemCount
GetMenuItemInfoW
GetMessagePos
GetParent
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetWindowDC
GetWindowLongA
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
HideCaret
InsertMenuItemW
InvalidateRect
IsDialogMessageW
IsWindowEnabled
IsWindowVisible
LoadCursorA
LoadIconA
MapWindowPoints
MessageBoxA
MessageBoxW
MoveWindow
OpenClipboard
PeekMessageA
PostMessageA
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassExA
ReleaseDC
RemoveMenu
ScreenToClient
SendMessageA
SendMessageW
SetActiveWindow
SetClassLongA
SetClipboardData
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuInfo
SetMenuItemInfoW
SetWindowLongA
SetWindowPos
SetWindowTextA
SetWindowTextW
ShowScrollBar
ShowWindow
TrackPopupMenu
TranslateAcceleratorW
TranslateMessage
UpdateWindow
VkKeyScanExW
keybd_event

uxtheme

CloseThemeData
GetThemeColor
OpenThemeData
SetWindowTheme

wininet

FtpCommandW
FtpCreateDirectoryW
FtpDeleteFileW
FtpFindFirstFileW
FtpGetCurrentDirectoryW
FtpGetFileW
FtpPutFileW
FtpRemoveDirectoryW
FtpRenameFileW
FtpSetCurrentDirectoryW
HttpAddRequestHeadersA
HttpEndRequestA
HttpOpenRequestW
HttpQueryInfoA
HttpSendRequestExA
HttpSendRequestW
InternetCloseHandle
InternetConnectW
InternetCrackUrlW
InternetFindNextFileW
InternetGetLastResponseInfoA
InternetOpenA
InternetReadFile
InternetSetOptionA
InternetWriteFile

ws2_32

WSAAddressToStringA
WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
gethostname
getnameinfo
htonl
htons
inet_addr
inet_ntoa
inet_ntop
inet_pton
ioctlsocket
listen
ntohs
recv
select
send
shutdown
socket

Sections

.text
Size: 302KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
nuclear.aul

Sharing

General

Malware Config

Signatures

Files

07eb46c737220d993860bfd9ea99f600

Headers

DLL Characteristics

File Characteristics

Imports

sensapi

advapi32

comctl32

comdlg32

crypt32

dnsapi

dwmapi

gdi32

iphlpapi

kernel32

msvcrt

ole32

oleaut32

secur32

shell32

shlwapi

user32

uxtheme

wininet

ws2_32

Sections

.text Size: 302KB - Virtual size: 302KB

.data Size: 3KB - Virtual size: 3KB

.rdata Size: 35KB - Virtual size: 34KB

.bss Size: - Virtual size: 3KB

.idata Size: 14KB - Virtual size: 14KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 302KB - Virtual size: 302KB

.data
Size: 3KB - Virtual size: 3KB

.rdata
Size: 35KB - Virtual size: 34KB

.bss
Size: - Virtual size: 3KB

.idata
Size: 14KB - Virtual size: 14KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 6KB - Virtual size: 5KB