General
Target
quake3.exe
Size
884KB
MD5
4484d9bd32f615ee44a9d1e5c2e4e0ec
SHA1
40c93be4f3dcd6a2ba0ea6d4f6cb9649f2f625ed
SHA256
1ddf68b5b5314a39325a9362b1564d417a18b2b111be7f8728cd808353829cc0
SHA512
88df3fcbe22eb53b7de637f4b15d16be26e44f74759915ede05afc4a50b9d199b6b1f4a8eddfd1f7332482b9ad7845d7d394ecf74bad5c454fbcc5cb510aa171
SSDEEP
24576:BKzigdwoimf9m8VisYB0zF5YyYBmVbYP5pTxzafEHdFCkuNi5nXq78:Bo3f88VGm6Td0g5nXq78
Malware Config
Signatures
Detect Lumma Stealer payload V4 1 IoCs
resource yara_rule sample family_lumma_v4
Lumma family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource quake3.exe
Files
quake3.exe.exe windows:4 windows x86 arch:x86
3a17a1a8f9f842b8f57d2dd82b871338
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
GetUserNameA
winmm
midiInGetDevCapsA
midiInOpen
midiInStart
midiInClose
midiInGetNumDevs
joyGetDevCapsA
joyGetPosEx
joyGetNumDevs
timeEndPeriod
timeGetTime
timeBeginPeriod
wsock32
WSAStartup
sendto
bind
inet_ntoa
setsockopt
ntohl
WSAGetLastError
htons
socket
recv
send
connect
gethostname
recvfrom
gethostbyname
closesocket
ioctlsocket
kernel32
GetStringTypeW
GetStringTypeA
SetEnvironmentVariableA
SetEnvironmentVariableW
GetCPInfo
CompareStringA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
SetStdHandle
ReadFile
GetEnvironmentStrings
GetOEMCP
GetACP
CompareStringW
SetHandleCount
SetFilePointer
GetProcAddress
LoadLibraryA
GlobalMemoryStatus
IsBadReadPtr
GetDriveTypeA
GlobalUnlock
GlobalSize
GlobalLock
FreeLibrary
GetVersionExA
Sleep
SetErrorMode
MulDiv
CreateFileA
SetEndOfFile
GetFileType
GetStdHandle
CloseHandle
WriteFile
HeapDestroy
HeapReAlloc
RtlUnwind
LCMapStringW
GetModuleFileNameA
WideCharToMultiByte
RaiseException
LCMapStringA
MultiByteToWideChar
GetVersion
GetSystemTimeAsFileTime
GetStartupInfoA
GetModuleHandleA
GetCommandLineA
SetFileAttributesA
FileTimeToLocalFileTime
GetFileAttributesA
FindClose
GetEnvironmentVariableA
FileTimeToSystemTime
FindNextFileA
FindFirstFileA
GetFullPathNameA
GetCurrentDirectoryA
CreateDirectoryA
GetCurrentProcess
TerminateProcess
ExitProcess
FlushFileBuffers
HeapFree
MoveFileA
DeleteFileA
GetLastError
HeapAlloc
GetLocalTime
GetSystemTime
GetTimeZoneInformation
ResetEvent
SetEvent
WaitForSingleObject
CreateEventA
VirtualFree
VirtualAlloc
GetSystemDirectoryA
CreateThread
HeapCreate
user32
ClipCursor
SetCapture
SetCursorPos
GetWindowRect
GetSystemMetrics
ReleaseCapture
GetWindowLongA
UnregisterHotKey
SystemParametersInfoA
RegisterWindowMessageA
RegisterHotKey
CloseWindow
DestroyWindow
PostQuitMessage
SetTimer
DefWindowProcA
InvalidateRect
LoadIconA
LoadCursorA
RegisterClassA
AdjustWindowRect
GetDesktopWindow
GetDC
ReleaseDC
CreateWindowExA
UpdateWindow
SetWindowLongA
ShowWindow
SetWindowTextA
SetForegroundWindow
GetWindowTextA
PeekMessageA
CallWindowProcA
SetFocus
GetClipboardData
MessageBoxExA
OpenClipboard
TranslateMessage
CloseClipboard
GetMessageA
ShowCursor
DispatchMessageA
GetCursorPos
SendMessageA
EnumDisplaySettingsA
ChangeDisplaySettingsA
MessageBoxA
gdi32
CreateFontA
GetDeviceGammaRamp
DescribePixelFormat
SetPixelFormat
SwapBuffers
SetTextColor
SetBkColor
CreateSolidBrush
GetDeviceCaps
SetDeviceGammaRamp
ole32
CoUninitialize
CoInitialize
CoCreateInstance
Sections
.text Size: 748KB - Virtual size: 747KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 116KB - Virtual size: 7.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ