LadaCuScule-6[.]116[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

LadaCuScule-6.116.exe
Size

2.0MB
MD5

a50bdda0f8b33cb1cfd55fe8c3635422
SHA1

b9ebcf52a56d42d652fc2499025b42562a5923e1
SHA256

fb95ee5e63f5c148ebc2307d007fda87d0ae1abdc72aeef9b082234291273b1e
SHA512

9685d3090d2456a15ce4b4056cdf4bb14e6cb0016f5669540b66344b743ea8d03d83883e9e7138687f68b060bd59650844493867aeb0622b41dce35d5900da96
SSDEEP

49152:Qs15knd4YXi2mLeeENoF9zoUbxfr3DzWAnaf:jud7XRaKNo/3FfrWAaf

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/ExecDos.dll
unpack001/$PLUGINSDIR/LcS.exe
unpack001/$PLUGINSDIR/NScurl.dll
unpack001/$PLUGINSDIR/NSutils.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/$PROGRAMFILES64/LadaCuScule/LcS.exe

Files

LadaCuScule-6.116.exe
.exe windows:4 windows x86 arch:x86

0dab563eb233c2f8e96c29614e10199f

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

26:fd:ad:ac:05:be:80:71:bc:dd:8b:eb:fa:02:15:9d
Certificate

Issuer

CN=Negruțiu Root Certificate Authority - G1,O=Marius Negruțiu

Not Before

14/10/2023, 11:20

Not After

14/10/2026, 11:20

Subject

CN=Marius Negruțiu,O=Marius Negruțiu,1.2.840.113549.1.9.1=#0c1e6d61726975732e6e656772757469754070726f746f6e6d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

35:0a:aa:09:f9:fc:6b:85:4d:46:ca:b9:ca:0f:0f:c9
Certificate

Issuer

CN=Negruțiu Root Certificate Authority - G2,O=Marius Negruțiu

Not Before

14/10/2023, 11:23

Not After

14/10/2026, 11:23

Subject

CN=Marius Negruțiu,O=Marius Negruțiu,1.2.840.113549.1.9.1=#0c1e6d61726975732e6e656772757469754070726f746f6e6d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c2:18:2b:d4:88:e8:87:79:a9:14:55:92:04:2b:a3:d3:a7:f4:0f:fd:a6:be:8a:0b:e5:d0:27:f6:43:3c:b7:d5
Signer

Actual PE Digest

c2:18:2b:d4:88:e8:87:79:a9:14:55:92:04:2b:a3:d3:a7:f4:0f:fd:a6:be:8a:0b:e5:d0:27:f6:43:3c:b7:d5

Digest Algorithm

sha256

PE Digest Matches

true

8f:71:11:9e:99:50:3a:93:42:e1:22:bf:ff:d8:06:3d:36:01:1d:e4
Signer

Actual PE Digest

8f:71:11:9e:99:50:3a:93:42:e1:22:bf:ff:d8:06:3d:36:01:1d:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectW
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CompareStringW
CopyFileW
CreateDirectoryW
CreateFileW
CreateProcessW
CreateThread
DeleteFileW
ExitProcess
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindNextFileW
FreeLibrary
GetCommandLineW
GetCurrentProcess
GetDiskFreeSpaceW
GetExitCodeProcess
GetFileAttributesW
GetFileSize
GetFullPathNameW
GetLastError
GetLocalTime
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetShortPathNameW
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
GetTickCount
GetVersionExW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
LoadLibraryExW
MoveFileExW
MoveFileW
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryW
SearchPathW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetFileAttributesW
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringW
lstrcatW
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrcpyA
lstrcpynW
lstrlenA
lstrlenW

ole32

CoCreateInstance
CoTaskMemFree
IIDFromString
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderW
SHFileOperationW
SHGetFileInfoW
SHGetPathFromIDListW
ShellExecuteExW

user32

AppendMenuW
BeginPaint
CallWindowProcW
CharNextA
CharNextW
CharPrevW
CheckDlgButton
CloseClipboard
CreateDialogParamW
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DestroyWindow
DialogBoxParamW
DispatchMessageW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExW
GetAsyncKeyState
GetClassInfoW
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextW
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongW
GetWindowRect
InvalidateRect
IsDlgButtonChecked
IsWindow
IsWindowEnabled
IsWindowVisible
LoadCursorW
LoadImageW
MessageBoxIndirectW
OpenClipboard
PeekMessageW
PostQuitMessage
RegisterClassW
ReleaseDC
ScreenToClient
SendMessageTimeoutW
SendMessageW
SetClassLongW
SetClipboardData
SetCursor
SetDlgItemTextW
SetForegroundWindow
SetTimer
SetWindowLongW
SetWindowPos
SetWindowTextW
ShowWindow
SystemParametersInfoW
TrackPopupMenu
wsprintfA
wsprintfW
wvsprintfW

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 245KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 512B - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/ExecDos.dll
.dll windows:4 windows x86 arch:x86

407cd5d8fd5e0edf06b1cd7a10f44333

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileW
CreatePipe
CreateProcessW
CreateThread
DuplicateHandle
FlushFileBuffers
GetCurrentProcess
GetExitCodeProcess
GetExitCodeThread
GetModuleHandleW
GetProcAddress
GlobalAlloc
GlobalFree
MultiByteToWideChar
PeekNamedPipe
ReadFile
Sleep
TerminateProcess
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcatW
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlenW

user32

FindWindowExW
GetClassNameW
GetDlgItem
SendMessageW
wsprintfW

Exports

Exports

exec
isdone
wait

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 20B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 99B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LcS.exe
.exe windows:6 windows x64 arch:x64

24e172ffe8fbd921ca04ab7be37e4be7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

wvnsprintfW
wvnsprintfA

kernel32

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
EnterCriticalSection
CloseHandle
HeapAlloc
HeapReAlloc
GetLastError
WriteFile
SetFilePointer
CreateFileW
CreateDirectoryW
ExpandEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
MoveFileW
DeleteFileW
GetFinalPathNameByHandleW
GetFileSize
CreateThreadpoolTimer
SetThreadpoolTimer
lstrlenA
GetLocalTime
WideCharToMultiByte
GetCurrentProcessId
ProcessIdToSessionId
GetProcAddress
GlobalMemoryStatusEx
GetPhysicallyInstalledSystemMemory
GetModuleFileNameW
FreeLibrary
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
LoadLibraryW
GetSystemDirectoryW
FormatMessageW
CreateEventW
SetEvent
WaitForSingleObjectEx
FlushFileBuffers
LeaveCriticalSection
DeleteCriticalSection
HeapFree
GetProcessHeap
SetLastError
ExitProcess
GetModuleHandleW
GetCommandLineW
GetTickCount

advapi32

ControlService
NotifyServiceStatusChangeW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NScurl.dll
.dll windows:4 windows x86 arch:x86

bc0a86c071d564a58b9bd881d1b06a6c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

CryptAcquireContextA
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
DeregisterEventSource
RegisterEventSourceW
ReportEventW

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA

kernel32

CloseHandle
CompareFileTime
CompareStringA
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileW
CreateThread
DeleteCriticalSection
EnterCriticalSection
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileW
FindResourceExW
FormatMessageW
FreeLibrary
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetEnvironmentVariableW
GetFileSize
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetVersion
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LoadResource
LockResource
MoveFileExA
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleA
ReadConsoleW
ReadFile
ResetEvent
SetConsoleMode
SetEvent
SetFilePointer
SetLastError
SizeofResource
Sleep
SleepEx
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiA
lstrcmpiW
lstrcpyW
lstrcpynA
lstrcpynW
lstrlenA
lstrlenW

msvcrt

__mb_cur_max
_access
_assert
_beginthreadex
_close
_errno
_exit
_fdopen
_filelengthi64
_fileno
_fileno
_fstati64
_iob
_lock
_onexit
_open
_setmode
_snprintf
_snwprintf
_stat
_stati64
_read
_strdup
_strdup
_stricmp
_strnicmp
_sys_errlist
_sys_nerr
_unlink
_unlock
_vsnprintf
_vsnwprintf
_wfopen
_write
abort
atexit
atoi
calloc
fclose
feof
ferror
fflush
fgetpos
fgets
fopen
fputc
fputs
fread
free
fseek
fsetpos
ftell
fwrite
getc
gmtime
getenv
islower
isspace
isupper
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
qsort
raise
realloc
setlocale
setvbuf
signal
sprintf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtol
strtoul
time
tolower
ungetc
wcscat
wcscpy
wcslen
wcsstr
wcstombs

user32

CallWindowProcW
CopyRect
CreateDialogParamW
CreateWindowExW
DestroyIcon
DestroyWindow
DispatchMessageW
EnableMenuItem
EnableWindow
FindWindowExW
GetDesktopWindow
GetDlgItem
GetProcessWindowStation
GetPropW
GetSystemMenu
GetSystemMetrics
GetUserObjectInformationW
GetWindow
GetWindowLongW
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
IsDialogMessageW
IsWindow
IsWindowEnabled
IsWindowVisible
LoadImageW
MessageBoxW
MsgWaitForMultipleObjects
OffsetRect
PeekMessageW
RemovePropW
ScreenToClient
SendDlgItemMessageW
SendMessageW
SetForegroundWindow
SetPropW
SetRectEmpty
SetWindowLongW
SetWindowPos
SetWindowTextW
TranslateMessage
wsprintfW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAIoctl
WSAResetEvent
WSASetEvent
WSASetLastError
WSAStartup
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
getpeername
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohs
recv
select
send
setsockopt
socket

Exports

Exports

cancel
echo
enumerate
escape
http
md5
query
sha1
sha256
unescape
wait

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 516KB - Virtual size: 515KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 331KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 231B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSutils.dll
.dll windows:4 windows x86 arch:x86

4a5f1e9db241769c458c773a2523aba4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

gdi32

BitBlt
CreateCompatibleDC
CreateDIBSection
CreateSolidBrush
DeleteDC
DeleteObject
GetObjectW
GetPixel
GetStockObject
SelectObject

kernel32

BeginUpdateResourceA
BeginUpdateResourceW
CloseHandle
CompareStringW
CreateFileW
CreateThread
DeleteCriticalSection
DeleteFileW
DeviceIoControl
EndUpdateResourceW
EnterCriticalSection
EnumResourceLanguagesW
EnumResourceNamesW
EnumResourceTypesW
FindResourceExW
FreeLibrary
GetCurrentProcess
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetSystemDirectoryW
GetVersion
GlobalAlloc
GlobalFree
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LoadResource
LockResource
MoveFileExW
MultiByteToWideChar
OpenProcess
QueryDosDeviceW
ReadFile
SetFileAttributesW
SetFilePointer
SetLastError
SizeofResource
Sleep
TerminateThread
TlsGetValue
UpdateResourceW
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcatW
lstrcmpW
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlenA
lstrlenW

msvcrt

_amsg_exit
_initterm
_iob
_lock
_snwprintf
_unlock
_vsnwprintf
abort
calloc
free
fwrite
realloc
strlen
strncmp
vfprintf

ole32

CoCreateInstance
CoInitialize
CoUninitialize
OleInitialize
OleUninitialize

oleaut32

OleLoadPicturePath

user32

CallNextHookEx
CallWindowProcW
DefWindowProcW
FillRect
FrameRect
GetPropW
GetWindowLongW
IsWindow
KillTimer
RemovePropW
SendMessageW
SetPropW
SetRect
SetTimer
SetWindowLongW
SetWindowsHookExW
UnhookWindowsHookEx
wsprintfW

version

VerQueryValueW

Exports

Exports

CPUID
CloseFileHandles
CompareFiles
DisableProgressStepBack
DriveIsSSD
ExecutePendingFileRenameOperations
FindPendingFileRenameOperations
GetFileVersion
GetProductVersion
GetVersionInfoString
LoadImageFile
ReadResourceString
RedirectProgressBar
RegBinaryInsertString
RegMultiSzDelete
RegMultiSzInsertAfter
RegMultiSzInsertAtIndex
RegMultiSzInsertBefore
RegMultiSzRead
RejectCloseMessages
RemoveSoftwareRestrictionPolicies
RestoreProgressStepBack
StartReceivingClicks
StartTimer
StopReceivingClicks
StopTimer
WriteResourceString

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 376B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 850B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

b844086d4b3e59aa7b4439d88bcb40cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GlobalAlloc
GlobalFree
GlobalSize
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MultiByteToWideChar
Sleep
TlsGetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte
lstrcpyW
lstrcpynW
lstrlenW

msvcrt

_amsg_exit
_initterm
_iob
_lock
_unlock
abort
calloc
free
fwrite
realloc
strlen
strncmp
vfprintf

ole32

CLSIDFromString
StringFromGUID2

user32

wsprintfW

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 172B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 179B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

c3edd09206117610ac78ba82816b607c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

InitializeSecurityDescriptor
IsTextUnicode
SetSecurityDescriptorDacl

kernel32

CloseHandle
CopyFileW
CreateFileMappingW
CreateFileW
CreatePipe
CreateProcessW
DeleteFileW
ExitProcess
GetCommandLineW
GetCurrentProcess
GetExitCodeProcess
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetStartupInfoW
GetTempFileNameW
GetTickCount
GetVersion
GlobalAlloc
GlobalFree
GlobalReAlloc
IsDBCSLeadByteEx
MapViewOfFile
MultiByteToWideChar
PeekNamedPipe
ReadFile
Sleep
TerminateProcess
UnmapViewOfFile
WaitForSingleObject
WideCharToMultiByte
lstrcatW
lstrcmpiW
lstrcpyA
lstrcpyW
lstrcpynW
lstrlenW

user32

CharNextW
CharPrevW
FindWindowExW
SendMessageW
wsprintfW

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/LadaCuScule/LcS.exe
.exe windows:6 windows x64 arch:x64

24e172ffe8fbd921ca04ab7be37e4be7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

wvnsprintfW
wvnsprintfA

kernel32

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
EnterCriticalSection
CloseHandle
HeapAlloc
HeapReAlloc
GetLastError
WriteFile
SetFilePointer
CreateFileW
CreateDirectoryW
ExpandEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
MoveFileW
DeleteFileW
GetFinalPathNameByHandleW
GetFileSize
CreateThreadpoolTimer
SetThreadpoolTimer
lstrlenA
GetLocalTime
WideCharToMultiByte
GetCurrentProcessId
ProcessIdToSessionId
GetProcAddress
GlobalMemoryStatusEx
GetPhysicallyInstalledSystemMemory
GetModuleFileNameW
FreeLibrary
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
LoadLibraryW
GetSystemDirectoryW
FormatMessageW
CreateEventW
SetEvent
WaitForSingleObjectEx
FlushFileBuffers
LeaveCriticalSection
DeleteCriticalSection
HeapFree
GetProcessHeap
SetLastError
ExitProcess
GetModuleHandleW
GetCommandLineW
GetTickCount

advapi32

ControlService
NotifyServiceStatusChangeW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0dab563eb233c2f8e96c29614e10199f

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

26:fd:ad:ac:05:be:80:71:bc:dd:8b:eb:fa:02:15:9dCertificate

Extended Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

35:0a:aa:09:f9:fc:6b:85:4d:46:ca:b9:ca:0f:0f:c9Certificate

Extended Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

c2:18:2b:d4:88:e8:87:79:a9:14:55:92:04:2b:a3:d3:a7:f4:0f:fd:a6:be:8a:0b:e5:d0:27:f6:43:3c:b7:d5Signer

8f:71:11:9e:99:50:3a:93:42:e1:22:bf:ff:d8:06:3d:36:01:1d:e4Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

shell32

user32

Sections

.text Size: 50KB - Virtual size: 49KB

.data Size: 512B - Virtual size: 256B

.rdata Size: 15KB - Virtual size: 15KB

.bss Size: - Virtual size: 245KB

.idata Size: 5KB - Virtual size: 5KB

.ndata Size: 512B - Virtual size: 2.8MB

.rsrc Size: 166KB - Virtual size: 166KB

407cd5d8fd5e0edf06b1cd7a10f44333

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 512B - Virtual size: 336B

.eh_fram Size: 1024B - Virtual size: 916B

.bss Size: - Virtual size: 20B

.edata Size: 512B - Virtual size: 99B

.idata Size: 1024B - Virtual size: 1000B

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 512B - Virtual size: 264B

24e172ffe8fbd921ca04ab7be37e4be7

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

advapi32

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: - Virtual size: 32B

.pdata Size: 1024B - Virtual size: 984B

.rsrc Size: 33KB - Virtual size: 33KB

bc0a86c071d564a58b9bd881d1b06a6c

Headers

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

26:fd:ad:ac:05:be:80:71:bc:dd:8b:eb:fa:02:15:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

35:0a:aa:09:f9:fc:6b:85:4d:46:ca:b9:ca:0f:0f:c9
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

c2:18:2b:d4:88:e8:87:79:a9:14:55:92:04:2b:a3:d3:a7:f4:0f:fd:a6:be:8a:0b:e5:d0:27:f6:43:3c:b7:d5
Signer

8f:71:11:9e:99:50:3a:93:42:e1:22:bf:ff:d8:06:3d:36:01:1d:e4
Signer

.text
Size: 50KB - Virtual size: 49KB

.data
Size: 512B - Virtual size: 256B

.rdata
Size: 15KB - Virtual size: 15KB

.bss
Size: - Virtual size: 245KB

.idata
Size: 5KB - Virtual size: 5KB

.ndata
Size: 512B - Virtual size: 2.8MB

.rsrc
Size: 166KB - Virtual size: 166KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 512B - Virtual size: 336B

.eh_fram
Size: 1024B - Virtual size: 916B

.bss
Size: - Virtual size: 20B

.edata
Size: 512B - Virtual size: 99B

.idata
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 512B - Virtual size: 264B

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: - Virtual size: 32B

.pdata
Size: 1024B - Virtual size: 984B

.rsrc
Size: 33KB - Virtual size: 33KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.data
Size: 16KB - Virtual size: 15KB

.rdata
Size: 516KB - Virtual size: 515KB

.eh_fram
Size: 331KB - Virtual size: 330KB

.bss
Size: - Virtual size: 17KB

.edata
Size: 512B - Virtual size: 231B

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 223KB - Virtual size: 222KB

.reloc
Size: 82KB - Virtual size: 82KB

.text
Size: 31KB - Virtual size: 31KB

.data
Size: 512B - Virtual size: 84B

.rdata
Size: 3KB - Virtual size: 2KB

.eh_fram
Size: 7KB - Virtual size: 6KB

.bss
Size: - Virtual size: 376B

.edata
Size: 1024B - Virtual size: 850B

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 28B

.rdata
Size: 1KB - Virtual size: 1KB

.eh_fram
Size: 4KB - Virtual size: 4KB

.bss
Size: - Virtual size: 172B

.edata
Size: 512B - Virtual size: 179B

.idata
Size: 1KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B