Static task: static1
Behavioral task: behavioral1
Sample: liptrip.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: liptrip.exe
Resource: win10v2004-20240221-en
General
Target: liptrip.exe
Size: 679KB
MD5: 0036220665dc7fe0a52abd38d372bfe5
SHA1: f3b6ec5d96889a45cb8d4d604da15b76a308584e
SHA256: faa90ee4383519eb685b9ef1cb7b7b9686d7a01521e56037614b328420f50475
SHA512: d24b77337c29d30f3526c8d7d96c07c5bc44c9b2274b24225a7454d0387704d6f6bad14c545bafa1640b995198270336b142b78b8e05e5002d11324aaad2ddc0
SSDEEP: 12288:iZgOZ49vAFwwhwcGDuDTfDWRDuyu9tQ5KkjDACRXTktRsiOn3wNt+KIdkKB/U:iZgOZqvAFnhwdDuPfDWRqhg5/jzRXTk5
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource liptrip.exe
Files
liptrip.exe.exe windows:6 windows x86 arch:x86
Password: booga
ae99dbf44db8646c3aa2a713e6687396
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32: GetModuleHandleA, GetProcAddress
advapi32: IsValidSid
comdlg32: GetOpenFileNameA
dinput8: DirectInput8Create
dsound: ord11
gdi32: TextOutW
imm32: ImmGetDefaultIMEWnd
mf: MFCreateTopology
mfplat: MFStartup
shell32: DragFinish
user32: GetDC
version: VerQueryValueW
wininet: InternetOpenW
winmm: PlaySoundW
d3d9: Direct3DCreate9
gdiplus: GdipFree
ole32: CoTaskMemFree
Sections
.MPRESS1 Size: 515KB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 159KB - Virtual size: 158KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE