liquidlauncher[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

liquidlauncher.exe
Size

12.8MB
MD5

954fe62b50264fda9f8286f87e405aad
SHA1

61edfa0560a43d1f35339c6d4d049332f04cae13
SHA256

49d20b7511037b78f5cbe5586c0796352341bd46d2d677d1e072d703b349a41f
SHA512

a0a0b12a6534e4e7ffb91b3a3ea9615e76996b4b98f481d3789fbe729c43a768fff75ef072522caec7012c62042f5710ed8f4539bf5cf39e000e042de89282a2
SSDEEP

98304:TtimX/uPKBX+5Xr7dQXCpFW0Ah+jvoyYMEXNuCPDCyrAtDZ/8:I2+cXmW0AcoyS9sZDS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
liquidlauncher.exe

Files

liquidlauncher.exe
.exe windows:6 windows x64 arch:x64

80f8de27780b971b2d04acb20878677d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

NtWriteFile
RtlVirtualUnwind
RtlLookupFunctionEntry
NtReadFile
RtlCaptureContext
NtQuerySystemInformation
NtQueryInformationProcess
RtlUnwindEx
RtlGetNtVersionNumbers
NtCreateFile
NtCancelIoFileEx
RtlNtStatusToDosError
RtlGetVersion
RtlPcToFileHeader
NtDeviceIoControlFile

kernel32

lstrlenW
GetModuleHandleW
SetEnvironmentVariableW
GetCurrentThreadId
UnhandledExceptionFilter
GetProcessHeap
SetUnhandledExceptionFilter
FindClose
IsProcessorFeaturePresent
InitializeSListHead
LoadLibraryExW
IsDebuggerPresent
RaiseException
GetCommandLineW
GetUserDefaultLocaleName
OutputDebugStringW
CreateDirectoryW
FindNextFileW
RemoveDirectoryW
WaitForSingleObject
GetExitCodeProcess
SetFilePointerEx
SetFileInformationByHandle
SetFileTime
AddVectoredExceptionHandler
SetThreadStackGuarantee
FormatMessageW
WideCharToMultiByte
OutputDebugStringA
LCIDToLocaleName
GetUserDefaultUILanguage
UnregisterWaitEx
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
LoadLibraryExA
GetProcAddress
FreeLibrary
GetModuleHandleA
EncodePointer
GetSystemInfo
Sleep
SleepConditionVariableSRW
WakeConditionVariable
WakeAllConditionVariable
CloseHandle
TryAcquireSRWLockExclusive
SwitchToThread
DeleteCriticalSection
CloseThreadpoolTimer
PostQueuedCompletionStatus
GlobalUnlock
GlobalLock
GlobalAlloc
CreatePipe
WaitForThreadpoolTimerCallbacks
LoadLibraryW
LocalFree
GetProcessIoCounters
GetSystemTimes
InitializeCriticalSectionAndSpinCount
GetLastError
SetThreadpoolTimerEx
CreateThreadpoolTimer
ReleaseSRWLockShared
TlsAlloc
VirtualQueryEx
ReadProcessMemory
OpenProcess
GetProcessTimes
DeviceIoControl
GetVolumeInformationW
GetDriveTypeW
TlsGetValue
GetDiskFreeSpaceExW
AcquireSRWLockShared
ReleaseSRWLockExclusive
GetLogicalDrives
GetProcessId
GetCurrentThread
GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
SetLastError
QueryPerformanceFrequency
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
GetFinalPathNameByHandleW
FindFirstFileW
AcquireSRWLockExclusive
HeapReAlloc
HeapFree
HeapAlloc
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
TlsFree
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
ReadFile
ExitProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
DeleteFileW
MoveFileExW
CreateSymbolicLinkW
CreateHardLinkW
SetFileAttributesW
CopyFileExW
SetHandleInformation
GlobalMemoryStatusEx
GetTickCount64
TlsSetValue
RegisterWaitForSingleObject
CreateNamedPipeW

user32

GetClipCursor
SetWindowLongW
CloseClipboard
RegisterClipboardFormatW
SetClipboardData
CreateMenu
AppendMenuW
GetClipboardData
RegisterClassExW
VkKeyScanW
CreateIcon
GetSystemMenu
GetMessageA
DispatchMessageA
AdjustWindowRectEx
ClipCursor
ToUnicodeEx
GetKeyboardLayout
DestroyIcon
SetMenuItemInfoW
CreateAcceleratorTableW
OpenClipboard
RegisterHotKey
DestroyAcceleratorTable
MapVirtualKeyExW
GetKeyState
GetAsyncKeyState
ShowWindow
RedrawWindow
GetClientRect
GetKeyboardState
EnumChildWindows
RegisterWindowMessageA
RegisterTouchWindow
GetSystemMetrics
IsWindow
IsProcessDPIAware
EnableMenuItem
InvalidateRgn
SetWindowPlacement
UnregisterHotKey
GetDC
CheckMenuItem
ChangeDisplaySettingsExW
PostQuitMessage
SystemParametersInfoA
ShowCursor
GetUpdateRect
ValidateRect
GetRawInputData
GetMonitorInfoW
EmptyClipboard
SetWindowPos
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
DestroyWindow
TrackMouseEvent
SetCapture
MonitorFromRect
GetWindowPlacement
GetWindowLongW
GetCursorPos
DefWindowProcW
TranslateAcceleratorW
GetAncestor
RegisterRawInputDevices
SetWindowLongPtrW
CreateWindowExW
MsgWaitForMultipleObjectsEx
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
SetCursor
LoadCursorW
SetCursorPos
GetWindowTextW
SetWindowDisplayAffinity
EnumDisplayMonitors
GetWindowTextLengthW
SendInput
MapVirtualKeyW
SetForegroundWindow
GetForegroundWindow
MonitorFromPoint
SetWindowTextW
IsIconic
IsWindowVisible
GetWindowRect
MonitorFromWindow
ClientToScreen
GetMenu
ReleaseCapture
GetWindowLongPtrW
FlashWindowEx
GetActiveWindow
SendMessageW
SetMenu
PostMessageW

ole32

CoSetProxyBlanket
CoInitializeEx
RevokeDragDrop
CoInitializeSecurity
OleInitialize
CoTaskMemFree
CoCreateInstance
RegisterDragDrop
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemAlloc

comctl32

SetWindowSubclass
DefSubclassProc
RemoveWindowSubclass
TaskDialogIndirect

shell32

SHCreateItemFromParsingName
DragFinish
DragQueryFileW
ShellExecuteW
SHGetKnownFolderPath
CommandLineToArgvW
SHAppBarMessage

gdi32

DeleteObject
CreateRectRgn
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow
DwmSetWindowAttribute

crypt32

CertDuplicateStore
CertGetCertificateChain
CertAddCertificateContextToStore
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertOpenStore
CertDuplicateCertificateContext
CertCloseStore
CertDuplicateCertificateChain
CertFreeCertificateContext
CertEnumCertificatesInStore

pdh

PdhCloseQuery
PdhRemoveCounter
PdhOpenQueryA
PdhCollectQueryData
PdhAddEnglishCounterW
PdhGetFormattedCounterValue

ws2_32

WSAIoctl
getsockopt
bind
recv
setsockopt
connect
ioctlsocket
WSASocketW
getpeername
WSAGetLastError
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
getsockname
closesocket
WSASend
send
shutdown

advapi32

GetLengthSid
CopySid
LookupAccountSidW
OpenProcessToken
GetTokenInformation
RegCloseKey
SystemFunction036
RegQueryValueExW
RegOpenKeyExW
IsValidSid
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegGetValueW

bcrypt

BCryptGenRandom

secur32

LsaEnumerateLogonSessions
AcquireCredentialsHandleA
LsaGetLogonSessionData
LsaFreeReturnBuffer
QueryContextAttributesW
DecryptMessage
InitializeSecurityContextW
ApplyControlToken
AcceptSecurityContext
DeleteSecurityContext
FreeCredentialsHandle
FreeContextBuffer
EncryptMessage

oleaut32

SysAllocString
SetErrorInfo
SysFreeString
SysStringLen
GetErrorInfo
VariantClear

psapi

GetPerformanceInfo
GetModuleFileNameExW

iphlpapi

GetAdaptersAddresses
FreeMibTable
GetIfTable2
GetIfEntry2

netapi32

NetUserGetLocalGroups
NetApiBufferFree
NetUserGetInfo
NetUserEnum

powrprof

CallNtPowerInformation

uxtheme

SetWindowTheme

api-ms-win-crt-string-l1-1-0

strcpy_s
wcsncmp
wcslen
_wcsicmp
strlen

api-ms-win-crt-math-l1-1-0

__setusermatherr
round
floor
pow
trunc

api-ms-win-crt-runtime-l1-1-0

exit
_initterm_e
_exit
_seh_filter_exe
strerror
_initterm
__p___argc
_set_app_type
__p___argv
_cexit
_c_exit
_wassert
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_initialize_narrow_environment
abort
_configure_narrow_argv
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table

api-ms-win-crt-heap-l1-1-0

calloc
_set_new_mode
malloc
_callnewh
free

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 9.0MB - Virtual size: 9.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80f8de27780b971b2d04acb20878677d

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

ole32

comctl32

shell32

gdi32

dwmapi

crypt32

pdh

ws2_32

advapi32

bcrypt

secur32

oleaut32

psapi

iphlpapi

netapi32

powrprof

uxtheme

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 9.0MB - Virtual size: 9.0MB

.rdata Size: 3.4MB - Virtual size: 3.4MB

.data Size: 17KB - Virtual size: 21KB

.pdata Size: 384KB - Virtual size: 384KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 50KB - Virtual size: 49KB

.text
Size: 9.0MB - Virtual size: 9.0MB

.rdata
Size: 3.4MB - Virtual size: 3.4MB

.data
Size: 17KB - Virtual size: 21KB

.pdata
Size: 384KB - Virtual size: 384KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 50KB - Virtual size: 49KB