LMX64[.]Exe[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

LMX64.Exe.exe
Size

5.2MB
MD5

e9c4124c31910da50c12c025e4abb17b
SHA1

0661d0fc4c5b680961a31a5e66d588b7c931515d
SHA256

9b34f327cc021474e353f920eaf1c9e890fe2d9e13f1ca049ae3315a6899a2a0
SHA512

9f22b16a9d2cf18d5afc03d826b6ca9ac20b731d6f1bd1e32dbf894366e58871707154347b5e6ec842237d3035d2dcb10d90d4018d9227754ac28b1fcbd56764
SSDEEP

98304:YnMl1vt5EYYGGB4MKY8A08k8ELe3AYWlO6Z7:ZeaLe3AVZZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
LMX64.Exe.exe

Files

LMX64.Exe.exe
.exe windows:6 windows x64 arch:x64

f17d6f7d21494e6fd8a4d99f372c43b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

NtCancelIoFileEx
NtCreateFile
NtWriteFile
RtlNtStatusToDosError
NtDeviceIoControlFile
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
RtlCaptureContext
NtReadFile

oleaut32

SafeArrayDestroy
SysFreeString
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayUnaccessData
VariantClear
SysAllocStringLen

kernel32

WaitForSingleObject
GetExitCodeProcess
GetFileInformationByHandle
GetModuleHandleA
GetProcAddress
GetCurrentThread
GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
GetModuleHandleW
FormatMessageW
GetTempPathW
GetCommandLineW
GetQueuedCompletionStatusEx
GetFullPathNameW
FlushFileBuffers
SetFilePointerEx
FindNextFileW
CreateDirectoryW
FindFirstFileW
GetFinalPathNameByHandleW
SetLastError
TryAcquireSRWLockExclusive
SetFileCompletionNotificationModes
CreateIoCompletionPort
SetHandleInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
AddVectoredExceptionHandler
ReadFile
ExitProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
LoadLibraryExW
AcquireSRWLockShared
ReleaseSRWLockShared
DeleteFileW
CopyFileExW
PostQueuedCompletionStatus
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ReleaseSRWLockExclusive
SwitchToThread
SetFileInformationByHandle
GetModuleFileNameW
CreateFileW
TerminateProcess
HeapReAlloc
GetProcessHeap
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
HeapAlloc
Sleep
GetLastError
SetThreadStackGuarantee
GetSystemInfo
IsProcessorFeaturePresent
CloseHandle
WakeConditionVariable
FindClose
CancelIo
HeapFree
InitializeSListHead
IsDebuggerPresent
EncodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetFileInformationByHandleEx
GetCurrentDirectoryW

ws2_32

bind
ioctlsocket
socket
listen
getsockname
shutdown
accept
WSAGetLastError
getpeername
WSASocketW
closesocket
setsockopt
WSASend
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
select
recv
getsockopt
WSAIoctl
send
connect

crypt32

CertFreeCertificateContext
CertCloseStore
CertDuplicateCertificateContext
CertOpenStore
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptUnprotectData
CertDuplicateStore
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertDuplicateCertificateChain

user32

EnumDisplaySettingsExW
EnumDisplayMonitors
GetMonitorInfoW

advapi32

SystemFunction036
FreeSid
CheckTokenMembership
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AllocateAndInitializeSid

rstrtmgr

RmStartSession
RmRegisterResources
RmGetList

bcrypt

BCryptGenRandom

secur32

QueryContextAttributesW
InitializeSecurityContextW
AcceptSecurityContext
ApplyControlToken
EncryptMessage
DecryptMessage
FreeCredentialsHandle
DeleteSecurityContext
FreeContextBuffer
AcquireCredentialsHandleA

gdi32

GetObjectW
GetDIBits
CreateDCW
GetDeviceCaps
DeleteDC
SetStretchBltMode
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
StretchBlt

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx

api-ms-win-crt-string-l1-1-0

strcpy_s
strlen
strncmp
strcspn
strcmp
wcsncmp

api-ms-win-crt-math-l1-1-0

_dclass
log
ceil
truncf
pow
powf
__setusermatherr
roundf
exp2f

api-ms-win-crt-heap-l1-1-0

calloc
_set_new_mode
_msize
realloc
free
malloc

api-ms-win-crt-utility-l1-1-0

_rotl64
qsort

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
_initterm
_configure_narrow_argv
_initterm_e
exit
_exit
_set_app_type
__p___argc
_seh_filter_exe
__p___argv
_cexit
_c_exit
_register_onexit_function
_initialize_onexit_table
_endthreadex
_register_thread_local_exe_atexit_callback
_beginthreadex
abort
terminate
_initialize_narrow_environment
_crt_atexit

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f17d6f7d21494e6fd8a4d99f372c43b1

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

oleaut32

kernel32

ws2_32

crypt32

user32

advapi32

rstrtmgr

bcrypt

secur32

gdi32

ole32

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 24KB - Virtual size: 27KB

.pdata Size: 82KB - Virtual size: 81KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 34KB - Virtual size: 33KB

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 24KB - Virtual size: 27KB

.pdata
Size: 82KB - Virtual size: 81KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 34KB - Virtual size: 33KB