LEWDaccident_DEMO_1_0[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

LEWDaccident_DEMO_1_0.zip
Size

56.3MB
MD5

0e06b3bd2e82bee5b38709f916dc51f2
SHA1

a2eac29cc690465783d232ab534992285fd30182
SHA256

5007b344823999e659d7eed847241124813db900cd29471a7f0c6a3b5f2ca384
SHA512

3bb6e4443f124f0d8acafe543cff40010fe67e29d96c65421e09f7e937cb65436ab986caa696c762777cc5bd19fd275103b7593e2385d382507d38d1017bd8e2
SSDEEP

1572864:OZYMAB+Ggo8fdHz3dSRGKz9Ci6edbmC0QMNTz9G91ZbvWYPlV:AlU+pbfdHzcjzD6e5mC0QMG91xvWYPlV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/LEWDaccident.exe

Files

LEWDaccident_DEMO_1_0.zip
.zip
LEWDaccident.exe
.exe windows:4 windows x64 arch:x64

07aa61bb71ef32a4a4535d0440a93c24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

GetCurrentHwProfileA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

avrt

AvSetMmThreadCharacteristicsA
AvSetMmThreadPriority

bcrypt

BCryptGenRandom

dinput8

DirectInput8Create

dwmapi

DwmEnableBlurBehindWindow
DwmFlush
DwmIsCompositionEnabled

gdi32

BitBlt
ChoosePixelFormat
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreatePolygonRgn
CreateRectRgn
DeleteDC
DeleteObject
GetDeviceCaps
GetObjectA
SelectObject
SetBkColor
SetPixelFormat
SetTextColor
SwapBuffers

imm32

ImmAssociateContext
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

iphlpapi

GetAdaptersAddresses
GetBestInterfaceEx

kernel32

AddVectoredExceptionHandler
AllocConsole
CloseHandle
CreateDirectoryW
CreateEventA
CreateMutexA
CreateProcessW
CreateSemaphoreA
DeleteCriticalSection
DeleteFileW
DuplicateHandle
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FreeLibrary
GetCommandLineW
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExA
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetHandleInformation
GetLastError
GetLocalTime
GetLocaleInfoEx
GetLogicalDrives
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNativeSystemInfo
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetSystemPowerStatus
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameW
GetThreadContext
GetThreadPriority
GetTickCount
GetTickCount64
GetTimeZoneInformation
GetUserDefaultUILanguage
GetVolumeInformationW
GlobalAlloc
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LCIDToLocaleName
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalFree
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseMutex
ReleaseSemaphore
RemoveVectoredExceptionHandler
ReplaceFileW
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetConsoleCtrlHandler
SetConsoleScreenBufferSize
SetConsoleTextAttribute
SetCurrentDirectoryW
SetEnvironmentVariableW
SetEvent
SetLastError
SetPriorityClass
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__doserrno
__getmainargs
__initenv
__iob_func
__lconv_init
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_beginthreadex
_cexit
_endthreadex
_errno
_fdopen
_filelengthi64
_fileno
_fmode
_fstat64
_getpid
_gmtime64
_initterm
_lock
_lseeki64
_onexit
_open_osfhandle
_pclose
_scprintf
_setjmp
_snprintf
_strdup
fwprintf
_strnicmp
_time64
_ultoa
_unlock
_vsnprintf
_vsnprintf_s
_wchdir
_wfopen
_wfopen_s
_wgetenv
_wpopen
_wrename
_write
_wrmdir
_wstat64
_wunlink
abort
acos
asin
atan
atof
atoi
bsearch
calloc
cosh
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fputwc
fread
free
frexp
fseek
fsetpos
ftell
fwrite
getc
getenv
getwc
islower
ispunct
isspace
isupper
iswctype
isxdigit
localeconv
log10
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
perror
printf
putc
putchar
puts
putwc
qsort
rand
realloc
remove
setlocale
setvbuf
signal
sinh
sprintf
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcpy_s
strerror
strftime
strlen
strncmp
strncpy
strrchr
strstr
strtol
strtoul
strxfrm
tan
tanh
tolower
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
wcscoll
wcscpy_s
wcsftime
wcslen
wcsxfrm
_write
_strdup
_read
_memicmp
_fileno
_fdopen

ole32

CoCreateInstance
CoInitialize
CoTaskMemFree
PropVariantClear

opengl32

wglCreateContext
wglDeleteContext
wglGetProcAddress
wglMakeCurrent

shell32

CommandLineToArgvW
DragAcceptFiles
DragQueryFileW
SHFileOperationW
SHGetKnownFolderPath
ShellExecuteW

shlwapi

PathFileExistsW

user32

ActivateKeyboardLayout
AdjustWindowRectEx
AllowSetForegroundWindow
CallWindowProcW
ClientToScreen
ClipCursor
CloseClipboard
CloseTouchInputHandle
CreateIconFromResource
CreateIconIndirect
CreateWindowExW
DefWindowProcW
DestroyIcon
DispatchMessageW
EmptyClipboard
EnumDisplayMonitors
FlashWindowEx
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameA
GetMessageExtraInfo
GetRawInputData
GetRawInputDeviceInfoA
GetRawInputDeviceList
GetSystemMetrics
GetTouchInputInfo
GetWindowLongPtrA
GetWindowRect
IsClipboardFormatAvailable
IsIconic
IsWindowVisible
KillTimer
LoadCursorA
LoadIconA
MessageBoxA
MessageBoxW
MonitorFromWindow
MoveWindow
OpenClipboard
PeekMessageW
RegisterClassExW
RegisterRawInputDevices
RegisterTouchWindow
ReleaseCapture
ReleaseDC
ScreenToClient
SendMessageA
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetTimer
SetWindowLongPtrA
SetWindowPos
SetWindowRgn
SetWindowTextW
ShowWindow
TrackMouseEvent
TranslateMessage

winmm

midiInClose
midiInGetDevCapsA
midiInGetErrorTextA
midiInGetID
midiInGetNumDevs
midiInOpen
midiInStart
midiInStop
timeBeginPeriod
timeEndPeriod
timeGetTime

ws2_32

WSAConnect
freeaddrinfo
getaddrinfo
getnameinfo
inet_pton

wsock32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
getsockname
htonl
htons
inet_addr
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement
_Z13widechar_mainiPPw
_Z5_mainv
main

Sections

.text
Size: 28.1MB - Virtual size: 28.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

pck
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 725KB - Virtual size: 725KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 78KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 209B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LEWDaccident.pck
readme.txt

Sharing

General

Malware Config

Signatures

Files

07aa61bb71ef32a4a4535d0440a93c24

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

avrt

bcrypt

dinput8

dwmapi

gdi32

imm32

iphlpapi

kernel32

msvcrt

ole32

opengl32

shell32

shlwapi

user32

winmm

ws2_32

wsock32

Exports

Exports

Sections

.text Size: 28.1MB - Virtual size: 28.1MB

.data Size: 61KB - Virtual size: 60KB

.rdata Size: 3.3MB - Virtual size: 3.3MB

pck Size: 512B - Virtual size: 8B

.rodata Size: 2KB - Virtual size: 2KB

.pdata Size: 725KB - Virtual size: 725KB

.xdata Size: 2.1MB - Virtual size: 2.1MB

.bss Size: - Virtual size: 78KB

.edata Size: 512B - Virtual size: 209B

.idata Size: 15KB - Virtual size: 15KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 163KB - Virtual size: 164KB

.reloc Size: 144KB - Virtual size: 143KB

.text
Size: 28.1MB - Virtual size: 28.1MB

.data
Size: 61KB - Virtual size: 60KB

.rdata
Size: 3.3MB - Virtual size: 3.3MB

pck
Size: 512B - Virtual size: 8B

.rodata
Size: 2KB - Virtual size: 2KB

.pdata
Size: 725KB - Virtual size: 725KB

.xdata
Size: 2.1MB - Virtual size: 2.1MB

.bss
Size: - Virtual size: 78KB

.edata
Size: 512B - Virtual size: 209B

.idata
Size: 15KB - Virtual size: 15KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 163KB - Virtual size: 164KB

.reloc
Size: 144KB - Virtual size: 143KB