ligma[.]exe | Triage

Resubmissions

18/02/2024, 20:11

240218-yyefxaeb6y 9

18/02/2024, 20:09

240218-yw7pnseb6s 9

Sharing

Copy URL Twitter E-mail

General

Target

ligma.exe
Size

11.9MB
MD5

fcb5b78d27b3bd6d3d0c578ce19fcf46
SHA1

2587811f77a26ed788cf017375a846da66e21733
SHA256

e702af20fa5593eb61f4a7ee2da8fca9675d4f449d965a9c171b08adaf3a66d7
SHA512

aee098175fc67b9b646424adcc92b130be8735e1f3366875ddde4d392893ea1bcf847fb1450e3e975c8cd91808b14b68e70df68dac5fd7134b7ecb130f818ebf
SSDEEP

196608:lLOIbWuaPYZOubH9m6WOxNjiecoJLidzkrBDkQXKGdMcKkCiI3YjGta4/Oxx0MVi:lLDbWBAZOyE6nixoFUzkr1kQwcKkCi6L

Score

1^/10

Malware Config

Signatures

Files

ligma.exe
.exe windows:6 windows x64 arch:x64

Code Sign

2e:4a:d9:43:50:f4:31:93:44:40:93:95:13:61:df:d1
Certificate

Issuer

CN=Epic Games Inc.

Not Before

17/02/2024, 18:44

Not After

18/02/2034, 18:44

Subject

CN=Epic Games Inc.

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

63:54:1c:30:bc:bb:69:3d:2a:fe:d3:98:47:4e:8a:72:6e:29:51:95:ba:2d:2b:cc:a1:79:20:57:57:53:8e:f1
Signer

Actual PE Digest

63:54:1c:30:bc:bb:69:3d:2a:fe:d3:98:47:4e:8a:72:6e:29:51:95:ba:2d:2b:cc:a1:79:20:57:57:53:8e:f1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: - Virtual size: 962KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.LOL0
Size: - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8.4MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SPN
Size: - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Code Sign

2e:4a:d9:43:50:f4:31:93:44:40:93:95:13:61:df:d1Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

63:54:1c:30:bc:bb:69:3d:2a:fe:d3:98:47:4e:8a:72:6e:29:51:95:ba:2d:2b:cc:a1:79:20:57:57:53:8e:f1Signer

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: - Virtual size: 962KB

.rdata Size: - Virtual size: 191KB

.data Size: - Virtual size: 171KB

.pdata Size: - Virtual size: 36KB

.LOL0 Size: - Virtual size: 6.2MB

Size: 512B - Virtual size: 5KB

Size: 8.4MB - Virtual size: 8.4MB

Size: 512B - Virtual size: 480B

.edata Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.SPN Size: - Virtual size: 5.9MB

.boot Size: 3.5MB - Virtual size: 3.5MB

2e:4a:d9:43:50:f4:31:93:44:40:93:95:13:61:df:d1
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

63:54:1c:30:bc:bb:69:3d:2a:fe:d3:98:47:4e:8a:72:6e:29:51:95:ba:2d:2b:cc:a1:79:20:57:57:53:8e:f1
Signer

.text
Size: - Virtual size: 962KB

.rdata
Size: - Virtual size: 191KB

.data
Size: - Virtual size: 171KB

.pdata
Size: - Virtual size: 36KB

.LOL0
Size: - Virtual size: 6.2MB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.SPN
Size: - Virtual size: 5.9MB

.boot
Size: 3.5MB - Virtual size: 3.5MB