liquidlauncher[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

liquidlauncher.exe
Size

14.4MB
MD5

3bd0d36771637bbd433548d1c8ec7b97
SHA1

6ca968c46d02bba22c535185423640c22c3ff1a5
SHA256

c1b19ff57942bba151f99b450e6a9756db716638ed1a4fa81387f04c096e97ba
SHA512

2b2ebdcc121d3c71673307971c76f308bbabcb4ad859d712417c52178c1a8b465789abc5d7903ca547672132eb5bad02ae846339b73d21ade0535e1170a36803
SSDEEP

98304:SY8Ra5cb2WZ4NSCSIrxdwt994FW8SSqhxiGZHZE34b0B6ufeWq4NSC//VvoWbhs2:fDgK/5/zhjK2BeptOHCqvQlXbjrLG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
liquidlauncher.exe

Files

liquidlauncher.exe
.exe windows:6 windows x64 arch:x64

73b2e6cf22fd6f6e6172143b069f7f1b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlUnwindEx
RtlPcToFileHeader
NtCancelIoFileEx
NtWriteFile
NtReadFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlGetVersion
RtlNtStatusToDosError
NtCreateFile
RtlGetNtVersionNumbers
NtDeviceIoControlFile
RtlVirtualUnwind
NtQuerySystemInformation
NtQueryInformationProcess

kernel32

lstrlenW
GetModuleHandleW
SetEnvironmentVariableW
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetProcessHeap
GetCurrentThreadId
UnhandledExceptionFilter
FindClose
SetUnhandledExceptionFilter
WaitForThreadpoolTimerCallbacks
IsProcessorFeaturePresent
LoadLibraryExW
IsDebuggerPresent
RaiseException
GetCommandLineW
GetUserDefaultLocaleName
CreateDirectoryW
RemoveDirectoryW
WaitForSingleObject
RegisterWaitForSingleObject
CreateSymbolicLinkW
SetFileAttributesW
CreateHardLinkW
SetFilePointerEx
SetFileInformationByHandle
CreateWaitableTimerExW
Sleep
SetWaitableTimer
OutputDebugStringW
OutputDebugStringA
FormatMessageW
WideCharToMultiByte
SetFileTime
LCIDToLocaleName
GetUserDefaultUILanguage
EncodePointer
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
LoadLibraryExA
GetProcAddress
FreeLibrary
GetModuleHandleA
GetSystemInfo
DeleteCriticalSection
SleepConditionVariableSRW
WakeConditionVariable
WakeAllConditionVariable
InitializeSListHead
CloseHandle
TryAcquireSRWLockExclusive
SwitchToThread
PostQueuedCompletionStatus
UnregisterWaitEx
GlobalUnlock
GlobalLock
GlobalAlloc
CreatePipe
GetLastError
LoadLibraryW
LocalFree
SetThreadpoolTimerEx
CreateThreadpoolTimer
ReleaseSRWLockShared
AcquireSRWLockShared
GetProcessIoCounters
GetSystemTimes
InitializeCriticalSectionAndSpinCount
TlsAlloc
VirtualQueryEx
ReadProcessMemory
OpenProcess
GetProcessTimes
DeviceIoControl
GetVolumeInformationW
GetDriveTypeW
TlsGetValue
GetDiskFreeSpaceExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetLogicalDrives
GetProcessId
GetCurrentThread
GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
SetLastError
QueryPerformanceFrequency
GetCurrentDirectoryW
GetCurrentProcess
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW
FindFirstFileW
HeapReAlloc
HeapFree
CloseThreadpoolTimer
HeapAlloc
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
GetCurrentProcessId
TlsFree
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
ReadFile
ExitProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
CreateMutexA
WaitForSingleObjectEx
LoadLibraryA
ReleaseMutex
DeleteFileW
MoveFileExW
CopyFileExW
SetHandleInformation
GlobalMemoryStatusEx
GetTickCount64
TlsSetValue
GetExitCodeProcess
CreateNamedPipeW

user32

GetClipboardData
CloseClipboard
RegisterClipboardFormatW
SetClipboardData
CreateIcon
CreateMenu
AppendMenuW
OpenClipboard
RegisterHotKey
UnregisterHotKey
ShowCursor
RegisterWindowMessageA
GetMessageA
DispatchMessageA
ClipCursor
GetClipCursor
SetWindowLongW
GetSystemMenu
ToUnicodeEx
GetKeyboardLayout
MapVirtualKeyExW
GetKeyState
GetAsyncKeyState
GetKeyboardState
RedrawWindow
GetClientRect
IsProcessDPIAware
GetDC
SystemParametersInfoA
PostQuitMessage
EnumChildWindows
EnableMenuItem
RegisterTouchWindow
CheckMenuItem
EmptyClipboard
GetSystemMetrics
IsWindow
InvalidateRgn
ShowWindow
GetCursorPos
SetWindowPlacement
CreateAcceleratorTableW
DestroyIcon
SetMenuItemInfoW
ChangeDisplaySettingsExW
VkKeyScanW
RegisterClassExW
ReleaseCapture
GetUpdateRect
ValidateRect
GetRawInputData
AdjustWindowRectEx
SetWindowPos
GetMonitorInfoW
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
DestroyWindow
TrackMouseEvent
SetCapture
MonitorFromRect
GetWindowPlacement
GetWindowLongW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
GetAncestor
RegisterRawInputDevices
SetWindowLongPtrW
CreateWindowExW
MsgWaitForMultipleObjectsEx
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
SetCursor
LoadCursorW
SetCursorPos
GetWindowTextW
SetWindowDisplayAffinity
EnumDisplayMonitors
GetWindowTextLengthW
SendInput
MapVirtualKeyW
SetForegroundWindow
GetForegroundWindow
MonitorFromPoint
SetWindowTextW
IsIconic
IsWindowVisible
GetWindowRect
MonitorFromWindow
ClientToScreen
GetMenu
GetWindowLongPtrW
FlashWindowEx
GetActiveWindow
SendMessageW
SetMenu
DestroyAcceleratorTable

bcrypt

BCryptGenRandom

comctl32

SetWindowSubclass
RemoveWindowSubclass
DefSubclassProc
TaskDialogIndirect

ole32

CoCreateInstance
CoInitializeEx
CoSetProxyBlanket
CoInitializeSecurity
RevokeDragDrop
CreateStreamOnHGlobal
CoTaskMemFree
OleInitialize
CoTaskMemAlloc
RegisterDragDrop
CoUninitialize

shell32

CommandLineToArgvW
SHAppBarMessage
SHGetKnownFolderPath
ShellExecuteW
DragQueryFileW
SHCreateItemFromParsingName
DragFinish

gdi32

DeleteObject
GetDeviceCaps
CreateRectRgn

dwmapi

DwmSetWindowAttribute
DwmEnableBlurBehindWindow

crypt32

CertGetCertificateChain
CertDuplicateStore
CertDuplicateCertificateChain
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertAddCertificateContextToStore
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertCloseStore

pdh

PdhCollectQueryData
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhAddEnglishCounterW
PdhCloseQuery
PdhOpenQueryA

ws2_32

connect
WSASocketW
bind
ioctlsocket
shutdown
setsockopt
getsockopt
getpeername
WSAGetLastError
getsockname
WSASend
send
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
recv
closesocket
WSAIoctl

advapi32

GetLengthSid
CopySid
LookupAccountSidW
OpenProcessToken
GetTokenInformation
SystemFunction036
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
IsValidSid
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegGetValueW

secur32

AcceptSecurityContext
FreeCredentialsHandle
ApplyControlToken
LsaEnumerateLogonSessions
FreeContextBuffer
LsaFreeReturnBuffer
QueryContextAttributesW
LsaGetLogonSessionData
DecryptMessage
InitializeSecurityContextW
AcquireCredentialsHandleA
DeleteSecurityContext
EncryptMessage

oleaut32

SysAllocString
SysStringLen
GetErrorInfo
SetErrorInfo
SysFreeString
VariantClear

psapi

GetModuleFileNameExW
GetPerformanceInfo

iphlpapi

GetAdaptersAddresses
FreeMibTable
GetIfTable2
GetIfEntry2

netapi32

NetUserGetLocalGroups
NetUserGetInfo
NetUserEnum
NetApiBufferFree

powrprof

CallNtPowerInformation

uxtheme

SetWindowTheme

api-ms-win-crt-string-l1-1-0

wcslen
strcpy_s
_wcsicmp
strlen
wcsncmp

api-ms-win-crt-math-l1-1-0

__setusermatherr
floor
round
pow
trunc

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_set_app_type
_initterm_e
_initialize_narrow_environment
_get_initial_narrow_environment
exit
_exit
__p___argc
_seh_filter_exe
__p___argv
_cexit
_c_exit
abort
_wassert
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
strerror
_initterm
_register_thread_local_exe_atexit_callback

api-ms-win-crt-heap-l1-1-0

calloc
_callnewh
_set_new_mode
free
malloc

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 9.1MB - Virtual size: 9.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73b2e6cf22fd6f6e6172143b069f7f1b

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

bcrypt

comctl32

ole32

shell32

gdi32

dwmapi

crypt32

pdh

ws2_32

advapi32

secur32

oleaut32

psapi

iphlpapi

netapi32

powrprof

uxtheme

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 9.1MB - Virtual size: 9.1MB

.rdata Size: 4.8MB - Virtual size: 4.8MB

.data Size: 17KB - Virtual size: 21KB

.pdata Size: 364KB - Virtual size: 364KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 51KB - Virtual size: 51KB

.text
Size: 9.1MB - Virtual size: 9.1MB

.rdata
Size: 4.8MB - Virtual size: 4.8MB

.data
Size: 17KB - Virtual size: 21KB

.pdata
Size: 364KB - Virtual size: 364KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 51KB - Virtual size: 51KB