LunarPriv[.]7z

Resubmissions

15/03/2024, 20:48

240315-zlyjpada43 7

15/03/2024, 20:47

240315-zk187abb5w 3

Sharing

Copy URL Twitter E-mail

General

Target

LunarPriv.7z
Size

2.6MB
MD5

08414bc304b2081c3644480ef925e4ce
SHA1

4c5e2cf246de6ece31dd7aafa1e67e8081f7e7f9
SHA256

b61c380858cc2155c6ebb8ff7e530d050ec85e40f0c823edf55e3056a8a9f9c4
SHA512

1c9fad9fb8d331652332ea65b8a6ccdfc0df65bd1333a401e9572408eabf7e38873eddb7c384cdb7ac239c0071142cd7ae2b17711404c531270645ba0977ef27
SSDEEP

49152:29s5jrtnsoL0oUOlu1cKhP1kOx4GaJHFrsXBbrQjPsW7F2Ycn8eOmHkd8m1fDrxX:24rdHvmDP+0aJRs1rQInjnomH+p1RNxz

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/LunarSolutions.exe
unpack001/driver.sys

Files

LunarPriv.7z
.7z
LunarSolutions.exe
.exe windows:6 windows x64 arch:x64

74b52eb8385f7aeb5f3273e214e6b9b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\kajte\Downloads\remade\build\husXveru.pdb

Imports

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
VerSetConditionMask

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

kernel32

InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
CreateToolhelp32Snapshot
GetConsoleWindow
SetConsoleTitleA
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentProcess
CreateFileMappingW
MapViewOfFile
GlobalUnlock
GlobalLock
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
GetModuleHandleA
LoadLibraryA
CreateFileW
ReadFile
CloseHandle
DeviceIoControl
UnmapViewOfFile
GetModuleFileNameA
GetModuleHandleW
QueryFullProcessImageNameW
SetLastError
FormatMessageA
LocalFree
EnterCriticalSection
LeaveCriticalSection
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
lstrcmpiA
GetTickCount
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
PeekNamedPipe
Sleep
ExitProcess
CreateThread
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
VirtualProtect
Process32First
OutputDebugStringW
Process32Next
GetProcAddress
GlobalAlloc

user32

GetCursorPos
TranslateMessage
DispatchMessageA
DestroyWindow
ShowWindow
SendInput
GetSystemMetrics
LoadCursorA
ScreenToClient
MessageBoxA
GetWindowLongA
SetCursorPos
GetClientRect
ClientToScreen
GetForegroundWindow
GetKeyState
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
SetCursor

d3d11

D3D11CreateDeviceAndSwapChain

msvcp140

?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?id@?$ctype@D@std@@2V0locale@2@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?setf@ios_base@std@@QEAAHHH@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
_Thrd_detach
_Query_perf_frequency
_Query_perf_counter
?uncaught_exceptions@std@@YAHXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z

imm32

ImmReleaseContext
ImmSetCandidateWindow
ImmGetContext
ImmSetCompositionWindow

d3dcompiler_43

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

urlmon

URLDownloadToFileA

normaliz

IdnToAscii

wldap32

ord60
ord50
ord211
ord200
ord217
ord41
ord22
ord26
ord143
ord46
ord301
ord27
ord32
ord30
ord79
ord35
ord33
ord45

crypt32

CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CertOpenStore
CertCloseStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertEnumCertificatesInStore

ws2_32

setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
closesocket
socket
WSASetLastError
WSAIoctl
WSAStartup
ntohl
WSACleanup
accept
htonl
listen
ioctlsocket
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
recvfrom
sendto
gethostname
recv

rpcrt4

UuidToStringA
RpcStringFreeA
UuidCreate

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140

__current_exception
__current_exception_context
strrchr
__C_specific_handler
memcmp
strchr
memchr
strstr
__std_terminate
memset
memmove
memcpy
__std_exception_copy
_CxxThrowException
__std_exception_destroy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

system
_initialize_onexit_table
exit
_errno
_initialize_narrow_environment
terminate
_getpid
_beginthreadex
_register_onexit_function
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_configure_narrow_argv
strerror
__sys_nerr
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_resetstkoflw
_crt_atexit

api-ms-win-crt-heap-l1-1-0

calloc
free
malloc
realloc
_callnewh
_set_new_mode

api-ms-win-crt-string-l1-1-0

strcspn
strpbrk
strspn
_strdup
isupper
strcmp
strncmp
tolower
strncpy

api-ms-win-crt-stdio-l1-1-0

_wfopen
fclose
fflush
fread
fseek
__acrt_iob_func
fopen
_open
_close
_write
_read
ftell
__p__commode
_set_fmode
fwrite
__stdio_common_vfprintf
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vsnprintf_s
fgets
_pclose
_popen
fputc
fputs
feof
_lseeki64

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-math-l1-1-0

sinf
__setusermatherr
acosf
ceilf
_dclass
cos
tanf
cosf
logf
pow
powf
sin
atan2
asin
sqrtf
log

api-ms-win-crt-convert-l1-1-0

strtod
atoi
strtol
strtoll
strtoul
strtoull
atof

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_stat64
_access
remove
_unlink

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale

advapi32

GetTokenInformation
InitializeAcl
CryptImportKey
CryptEncrypt
IsValidSid
GetLengthSid
AddAccessAllowedAce
OpenProcessToken
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
ConvertSidToStringSidA
CopySid
SetSecurityInfo
CryptDestroyKey

shell32

ShellExecuteA

Sections

.text
Size: 699KB - Virtual size: 698KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver.sys
.sys windows:10 windows x64 arch:x64

12c47c90a4b7fc6aa7033af75abbafb8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\yuhgiuyg\Desktop\FNMAIN\build\hksdr2.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
RtlGetVersion
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObfDereferenceObject
MmCopyMemory
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
IoCreateDriver
PsGetProcessSectionBaseAddress

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 153B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

74b52eb8385f7aeb5f3273e214e6b9b5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

d3dx11_43

kernel32

user32

d3d11

msvcp140

imm32

d3dcompiler_43

dwmapi

urlmon

normaliz

wldap32

crypt32

ws2_32

rpcrt4

psapi

userenv

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

advapi32

shell32

Sections

.text Size: 699KB - Virtual size: 698KB

.rdata Size: 154KB - Virtual size: 153KB

.data Size: 2.8MB - Virtual size: 2.8MB

.pdata Size: 29KB - Virtual size: 28KB

_RDATA Size: 512B - Virtual size: 464B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 3KB - Virtual size: 3KB

12c47c90a4b7fc6aa7033af75abbafb8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 153B

.pdata Size: 512B - Virtual size: 252B

INIT Size: 512B - Virtual size: 492B

.reloc Size: 512B - Virtual size: 36B

.text
Size: 699KB - Virtual size: 698KB

.rdata
Size: 154KB - Virtual size: 153KB

.data
Size: 2.8MB - Virtual size: 2.8MB

.pdata
Size: 29KB - Virtual size: 28KB

_RDATA
Size: 512B - Virtual size: 464B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 153B

.pdata
Size: 512B - Virtual size: 252B

INIT
Size: 512B - Virtual size: 492B

.reloc
Size: 512B - Virtual size: 36B