Static task
static1

General
Target: lotrbfme2ep1131073german.exe
Size: 23.8MB
MD5: efc2ab600871620e20216ba8f3eeb0e6
SHA1: 97e13f33a2781723081fd52a47a74f579c09b3f7
SHA256: a05126202066c27a057a215586b683a75d3e1eaa32ee6cfac65fbb794fb1f4b9
SHA512: 218351fae80d3ad80e1042b4906bf94b034dfeb60655b28ca108cfd6f65624803ee76f4be274bf9cc53517ff2707d1a9bacc1f9112eab49d17a9fbdf8c8a8486
SSDEEP: 393216:uViqFmBeixVRyEFmeznnhNVLQNSh0tu7XMexzNPP5s+0DFgyH+30:HgmBzxFlnQAh0c7cwBPBs+OSM+E
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: lotrbfme2ep1131073german.exe
Files
lotrbfme2ep1131073german.exe.exe windows:1 windows x86 arch:x86
a07b72e5e585908fbc603a8a00070663
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetTempFileNameA
GetSystemDirectoryA
GetTempPathA
LoadResource
lstrlenA
FindResourceA
WriteFile
LockResource
CreateFileA
LoadLibraryA
CloseHandle
FreeResource
DeleteFileA
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetWindowsDirectoryA
SetFilePointer
VirtualFree
GetFileType
GetStdHandle
GetCPInfo
GetOEMCP
GetACP
UnhandledExceptionFilter
ExitProcess
GetLastError
WideCharToMultiByte
MultiByteToWideChar
RtlUnwind
GetVersion
VirtualAlloc
FlushFileBuffers
GetCommandLineA
GetCurrentProcess
GetEnvironmentStrings
SetEndOfFile
ReadFile
GetStartupInfoA
SetStdHandle
user32
GetParent
GetSysColor
LoadStringA
MoveWindow
PeekMessageA
LoadBitmapA
GetDesktopWindow
GetWindowRect
CreateDialogParamA
OemToCharA
DrawEdge
InvalidateRect
RegisterWindowMessageA
LoadIconA
LoadCursorA
RegisterClassA
DialogBoxParamA
CharToOemA
MessageBoxA
ExitWindowsEx
SendMessageA
GetDC
UpdateWindow
DestroyWindow
GetMessageA
TranslateMessage
DispatchMessageA
ReleaseDC
GetDlgItemTextA
SetWindowTextA
wsprintfA
SetDlgItemTextA
EnableWindow
EndDialog
GetDlgItem
BeginPaint
EndPaint
PostQuitMessage
SetFocus
DefWindowProcA
GetClientRect
CreateWindowExA
ShowWindow
IsDlgButtonChecked
CheckDlgButton
DrawTextA
gdi32
CreateSolidBrush
GetObjectA
DeleteDC
DPtoLP
StretchBlt
SetMapMode
BitBlt
SelectObject
CreateCompatibleDC
GetMapMode
SetBkMode
Rectangle
DeleteObject
CreateHatchBrush
GetStockObject
comdlg32
GetOpenFileNameA
CommDlgExtendedError
advapi32
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
Sections
.text   Size: 26KB  - Virtual size: 25KB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.bss    Size: -     - Virtual size: 7KB    Flags: IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata  Size: 512B  - Virtual size: 28B    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 7KB   - Virtual size: 6KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata  Size: 3KB   - Virtual size: 2KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 203KB - Virtual size: 202KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 3KB   - Virtual size: 3KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ