LB_Loader[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

LB_Loader.exe
Size

64KB
MD5

17454c137da3aa432aa908d05080a922
SHA1

46c690ea2c8db0eef36451ffb5f06873c04729f2
SHA256

11806b0aa4de96764076c8f698b6cb8be73d4303d857f734c0a5c26dfbc416b6
SHA512

0072372500af8dd846869ce1486e4d3ee003dbb5edfdfb5e8913245f70e8de484f3e6a442eed2eb7a8d4736b1cb26be8822b9861d67ac6ea2f1bbbebbe868cc8
SSDEEP

1536:ud9inScEKKIc6cHiRQf+1FedqHz9kZ13:u7inwKKIcxk1F6YkD3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
LB_Loader.exe

Files

LB_Loader.exe
.exe windows:5 windows x64 arch:x64

1ecf6b89fcca9155f09762161b0e68b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

shell32

SHGetPathFromIDListW

psapi

GetMappedFileNameA

ole32

CoTaskMemFree

version

VerQueryValueW

user32

LoadIconW

oleaut32

SysFreeString

advapi32

FreeSid

gdi32

SaveDC

ntdll

NtQueryInformationProcess

Exports

Exports

__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.MPRESS1
Size: 53KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE