Static task
static1
General
-
Target
3e0d39-LUA (1).zip
-
Size
897KB
-
MD5
3b2bcb4a8e809daed7d07575a23e4c89
-
SHA1
58927bdbef5bd675d72bcd741d315a3c83488b98
-
SHA256
8b184325ae71b711bf657ce72b2670a4d0d41b7f66374b6218f7c5386ba7a089
-
SHA512
516697a24940a4bd34b8d61f5debdc46b8cdfc7466c60d744d22611f62e621e777015d7f6c90055adacec057a5fac1251709816e9bcfc392d8cb6ef62c63067c
-
SSDEEP
24576:Od/m2cjXE/Qi7dVQsYCDpRp0Jopz13HQxljVxctlc8d:JjX45VDYCDpRGJuz13HmEL9
Malware Config
Signatures
-
Unsigned PE 1 IoCs
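Static check for a missing Authenticode signature: the PE file listed below is unsigned, so its publisher and integrity cannot be verified from the file itself.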
resource unpack001/LUA.asi
Files
-
3e0d39-LUA (1).zip.zip
-
LUA.asi.dll windows:6 windows x64 arch:x64
a1fa62d6c5a506e816b49402bbbcc92e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
scripthookv
?scriptRegister@@YAXPEAUHINSTANCE__@@P6AXXZ@Z
?nativeCall@@YAPEA_KXZ
?nativeInit@@YAX_K@Z
?nativePush64@@YAX_K@Z
?scriptWait@@YAXK@Z
kernel32
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
CreateFileA
GetLastError
CloseHandle
FreeLibrary
FormatMessageA
GetProcAddress
GetModuleFileNameA
LoadLibraryExA
EncodePointer
GetCurrentThreadId
user32
GetAsyncKeyState
msvcr120
_findnext64i32
_findclose
_mkdir
_utime64
_rmdir
_chdir
_fileno
_findfirst64i32
_setmode
ftell
_getcwd
fseek
memmove
__iob_func
printf
fprintf
_purecall
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
feof
strstr
fflush
fopen
fread
ferror
freopen
realloc
fclose
getc
isalnum
isdigit
fwrite
toupper
strspn
strchr
fgets
abort
longjmp
fscanf
tmpfile
_ftelli64
_pclose
ungetc
_fseeki64
_popen
setvbuf
clearerr
memcpy
modf
ldexp
rand
_errno
frexp
_HUGE
strrchr
getenv
strtod
strpbrk
rename
tanh
_gmtime64
tmpnam
system
remove
clock
strftime
setlocale
_localtime64
_difftime64
_time64
exit
isgraph
isspace
memchr
ispunct
tolower
isalpha
isupper
iscntrl
islower
isxdigit
strcoll
_wassert
strncat
_lock
_unlock
_calloc_crt
__dllonexit
__C_specific_handler
_onexit
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCapturePreviousContext
__CxxFrameHandler3
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
strerror
malloc
_stat64
free
_locking
srand
sprintf
memset
pow
sin
sinh
sqrt
tan
localeconv
_mktime64
_CxxThrowException
_setjmp
acos
asin
atan
atan2
ceil
cos
cosh
exp
floor
fmod
log
log10
memcmp
msvcp120
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAPEBDH@Z
Sections
.text Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 547KB - Virtual size: 547KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 163KB - Virtual size: 162KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1012B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
scripts/addins/basemodule.lua
-
scripts/addins/exampleGUI.lua
-
scripts/keys.lua
-
scripts/libs/GUI.lua
-
scripts/main.lua
-
scripts/utils.lua.js