PDB path: C:\Users\Yhome\source\repos\Gdrv-Loader-Updated\bin\gdrvloader.pdb
Static task
static1
Behavioral task
behavioral1
Sample
l.exe
Resource
win11-20240426-en
General
-
Target
l.exe
-
Size
39KB
-
MD5
9b7ac7eb8a14a7d2c9b0e6ec2494a8ca
-
SHA1
2fc0932cb47d0a0047f9f2385ef93774d5e76f6d
-
SHA256
d60d4e2ac5113ae2227ea97acf2d62a1d327042d791d85f8212945e71b3dd57a
-
SHA512
312bdf9500a5ff288c482333b50b11d68f9223c163febb88677a30499d36a8e8735edbaa71edc2f934830e1feea0501407103ca1b2550d602007060d4c112db5
-
SSDEEP
768:igykY8QYaP2kPP8A9z1TMbYI3aW31MjHCPip1MmMbC0:PykY8IJ9z12YI3H1MjHCPizDoC0
Malware Config
Signatures
-
Unsigned PE 1 IoCs
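Static check: the PE file has no Authenticode signature. On its own this is a weak indicator; read it together with the import table listed under Imports.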
resource l.exe
Files
-
l.exe.exe windows:6 windows x64 arch:x64
5934b1f8218a247bac9fbce1e0c5f14f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntdll
RtlReleaseRelativeName
NtClose
RtlFreeHeap
NtCreateFile
NtMapViewOfSection
RtlWriteRegistryValue
NtQuerySystemInformation
NtUnloadDriver
NtCreateSection
_snwprintf
RtlInitUnicodeString
wcscpy_s
wcscat_s
RtlGetFullPathName_UEx
NtDeviceIoControlFile
RtlAdjustPrivilege
_stricmp
NtUnmapViewOfSection
NtLoadDriver
RtlDosPathNameToRelativeNtPathName_U_WithStatus
_vsnwprintf
NtTerminateProcess
NtDeleteFile
RtlDosPathNameToNtPathName_U
RtlNormalizeProcessParams
RtlFreeUnicodeString
RtlCreateRegistryKey
RtlAllocateHeap
strcmp
kernel32
WriteConsoleW
CloseHandle
GetLastError
CreateFileW
WriteFile
SearchPathW
shlwapi
SHDeleteKeyW
Sections
.text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 204B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ