Static task: static1
Behavioral task: behavioral1 (sample lkb99.exe, resource win7-20231215-en)
Behavioral task: behavioral2 (sample lkb99.exe, resource win10-20231220-en)
Behavioral task: behavioral3 (sample lkb99.exe, resource win10v2004-20231215-en)
Behavioral task: behavioral4 (sample lkb99.exe, resource win11-20231215-en)
General
- Target: lkb99.zip
- Size: 219KB
- MD5: 93501d735c2890d09756f59bc216dc48
- SHA1: 51233abb6261ac8a5d99bb7cd66ff2e4082c4aef
- SHA256: 0869bbfc5a182cf953eabef4dfa0ea2038cdb7eed89b07e207e3739609993067
- SHA512: aefa3f01841ad12d5ad1eb42ac40a9c173faa761d5f627955738e959f9d5ce4cbbde0333235f97a5c1e6405f9990fdee14e8a4e86e5afa92bcb40e5e4b9fed41
- SSDEEP: 6144:+zbP67rE6kBKOOtSvmzMRxbplzNOxcthBE6OhxL:+n1BMO5MSX/thB2hxL
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature. Resource: unpack001/lkb99.exe
Files
- lkb99.zip (zip), password: infected
- lkb99.exe (exe; tags windows:6, windows, x86, arch:x86), password: infected, MD5 addbdfa05631246747e74dc28223fb1e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindFirstFileA
GetLastError
VirtualAlloc
FindClose
FindNextFileW
CloseHandle
WriteConsoleW
GetTempPathW
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
MultiByteToWideChar
GetTimeZoneInformation
CreateEventA
GetTickCount
WaitForSingleObject
SystemTimeToTzSpecificLocalTime
FindFirstFileW
GetTempFileNameW
SetFilePointerEx
GetSystemDefaultLangID
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
LoadLibraryW
OutputDebugStringW
HeapReAlloc
GetCPInfo
EncodePointer
DecodePointer
GetCommandLineA
RaiseException
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
InterlockedDecrement
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
HeapSize
Sleep
GetStdHandle
WriteFile
GetModuleFileNameW
HeapFree
HeapAlloc
SetLastError
InterlockedIncrement
GetCurrentThread
GetCurrentThreadId
GetProcessHeap
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
CreateSemaphoreW
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
InterlockedExchange
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
IsValidCodePage
GetACP
GetOEMCP
CreateFileW
user32
GetCursorPos
GetSystemMetrics
UpdateWindow
GetWindowDC
EnumWindowStationsA
GetClipboardFormatNameA
SendMessageA
GetForegroundWindow
SetWindowContextHelpId
GetWindowTextA
GetAncestor
advapi32
ImpersonateAnonymousToken
GetSidLengthRequired
ImpersonateLoggedOnUser
DuplicateToken
GetAclInformation
GetTokenInformation
GetSidSubAuthorityCount
GetSidIdentifierAuthority
GetLengthSid
oleaut32
SysAllocStringLen
VariantChangeType
VariantInit
dwmapi
ord102
wtsapi32
WTSEnumerateSessionsA
Sections
.text Size: 143KB - Virtual size: 142KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 368KB - Virtual size: 367KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
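Added example, not part of the sandbox report and not the sandbox vendor's tooling: a dependency-free Python script that reproduces the three static checks listed above for any PE. It parses the headers to (1) test the attribute certificate table, which is what an "Unsigned PE" rule looks at, (2) decode the File Characteristics flags, and (3) walk the section table to flag writable-and-executable sections, sections whose virtual size far exceeds their raw size (as .data does here), and high-entropy sections (worth checking here, since .rsrc is larger than .text). To run offline it ships with build_sample_pe(), a constructed PE32 image that borrows only the section names and flags from this report; its sizes, contents, certificate placeholder and the triage thresholds are assumptions of this example. Caveat: an empty certificate table means unsigned, but a populated one still needs real verification (signtool, Get-AuthenticodeSignature or osslsigncode) before it counts for anything.

```python
"""PE header triage for what this report surfaces: the Authenticode certificate table
('Unsigned PE'), COFF file characteristics, and per-section flags, sizes and entropy."""
import math
import random
import struct
import sys
from collections import Counter

FILE_CHARS = {0x0001: "RELOCS_STRIPPED", 0x0002: "EXECUTABLE_IMAGE",   # winnt.h
              0x0020: "LARGE_ADDRESS_AWARE", 0x0100: "32BIT_MACHINE", 0x2000: "DLL"}
SCN_CODE, SCN_IDATA = 0x00000020, 0x00000040
SCN_EXEC, SCN_READ, SCN_WRITE = 0x20000000, 0x40000000, 0x80000000
DIR_SECURITY = 4  # attribute certificate table: (file offset, size), not an RVA

def entropy(buf):
    """Shannon entropy in bits per byte (0.0 .. 8.0)."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0

def parse_pe(data):
    """Parse the COFF header, optional-header data directories and section table (PE32/PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24   # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndir_off = 92 if magic == 0x10B else 108   # NumberOfRvaAndSizes: PE32 vs PE32+
    ndirs = struct.unpack_from("<I", data, opt + ndir_off)[0]
    dirs = [struct.unpack_from("<II", data, opt + ndir_off + 4 + 8 * i) for i in range(ndirs)]
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i   # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _rva, rsize, rptr = struct.unpack_from("<IIII", data, off + 8)
        flags = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name, "vsize": vsize, "rsize": rsize, "flags": flags,
                         "entropy": entropy(data[rptr:rptr + rsize])})
    return {"machine": machine, "characteristics": chars, "dirs": dirs, "sections": sections}

def triage(pe):
    """Findings a first-pass static look raises; the thresholds are this example's choice."""
    out = []
    sec_off, sec_len = pe["dirs"][DIR_SECURITY] if len(pe["dirs"]) > DIR_SECURITY else (0, 0)
    if sec_off == 0 or sec_len == 0:
        out.append("unsigned: empty Authenticode certificate table")
    out.append("file characteristics: " + "|".join(
        n for bit, n in FILE_CHARS.items() if pe["characteristics"] & bit))
    for s in pe["sections"]:
        if s["flags"] & SCN_EXEC and s["flags"] & SCN_WRITE:
            out.append("%s: writable and executable" % s["name"])
        if s["vsize"] > 2 * s["rsize"]:
            out.append("%s: virtual size far exceeds raw size (BSS or filled at runtime)" % s["name"])
        if s["entropy"] > 7.2:
            out.append("%s: entropy %.2f (packed or encrypted content?)" % (s["name"], s["entropy"]))
    if max(pe["sections"], key=lambda s: s["rsize"])["name"] == ".rsrc":
        out.append(".rsrc: largest section, check resources for an embedded payload")
    return out

def build_sample_pe(signed=False):
    """Constructed PE32 test image, NOT lkb99.exe: section names/flags follow the report,
    contents and sizes are made up. signed=True appends a placeholder certificate blob."""
    rng = random.Random(0x5EED)
    noise = bytes(rng.getrandbits(8) for _ in range(0x1000))   # stands in for packed resources
    secs = [(b".text", b"\xcc" * 0x5F0 + b"\xc3", 0x5F1, SCN_CODE | SCN_EXEC | SCN_READ),
            (b".rdata", b"kernel32.dll\0" * 40, 0x208, SCN_IDATA | SCN_READ),
            (b".data", b"\0" * 0x100, 0x3000, SCN_IDATA | SCN_READ | SCN_WRITE),  # .bss-style
            (b".rsrc", noise, 0x1000, SCN_IDATA | SCN_READ)]
    file_align, sect_align, hdr_size = 0x200, 0x1000, 0x200
    sec_tbl, body, raw_ptr, rva = bytearray(), bytearray(), hdr_size, 0x1000
    for name, raw, vsize, flags in secs:
        raw += b"\0" * (-len(raw) % file_align)
        sec_tbl += struct.pack("<8sIIIIIIHHI", name, vsize, rva, len(raw), raw_ptr, 0, 0, 0, 0, flags)
        body += raw
        raw_ptr += len(raw)
        rva += -(-max(vsize, len(raw)) // sect_align) * sect_align
    dirs, cert = [(0, 0)] * 16, b""
    if signed:   # WIN_CERTIFICATE header + zero body: populates the directory, is not a valid signature
        cert = struct.pack("<IHH", 8 + 16, 0x0200, 0x0002) + b"\0" * 16
        dirs[DIR_SECURITY] = (raw_ptr, len(cert))
    opt = struct.pack("<HBB9I6H4IHH6I", 0x10B, 14, 0, 0x600, 0x1400, 0, 0x1000, 0x1000, 0x2000,
                      0x400000, sect_align, file_align, 6, 0, 0, 0, 6, 0, 0, rva, hdr_size, 0,
                      3, 0x8000, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, len(opt), 0x0123)  # flags as in the report
    hdr = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0" + coff + opt + bytes(sec_tbl)
    return bytes(hdr + b"\0" * (hdr_size - len(hdr)) + body + cert)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print("\n".join(triage(parse_pe(data))))
```

With no argument the script reports on the constructed image; pass the extracted sample (for example `python pe_triage.py lkb99.exe`, with the file name being an assumption of this example) to get the same findings list for the real file. The entropy threshold and the 2x raw-versus-virtual rule are starting points, not verdicts: a .bss-heavy .data section or a large icon set in .rsrc will trip them on perfectly benign binaries.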