Static task
static1
Behavioral task
behavioral1
Sample
lx5tm9u7ep.exe
Resource
win10v2004-20240426-en
General
Target: lx5tm9u7ep.exe
Size: 1.7MB
MD5: 61b9d5e481d6569bc3a2c69b6a563fa5
SHA1: cd43ccf988b7b0b3a8306a5b3bbdaba6ce648bd0
SHA256: a32a5c2f6fa38411bc95977672d8c21b6c058f2e8c9acf6c2b7349aed2d5d6f6
SHA512: 866e33b45b3f6aff065a3a220ac1d0bdc393abc9f30e2cc3b70752136309748b44e271f3b0560ec932f2a915f0e6638b05838bd43722033a3b658cd66527c3a1
SSDEEP: 49152:xvI6SglMiYkk0TRkWGFIyca6KBDbEQXGQOX:Lk0TxQcafhEQXGQOX
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource lx5tm9u7ep.exe
Files
lx5tm9u7ep.exe.exe windows:6 windows x64 arch:x64
Password: fghfg
64216e759b0d83c178b41cd647fa4aff
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntdll
RtlGUIDFromString
RtlAllocateHeap
RtlGetVersion
RtlInitUnicodeString
NtQuerySystemInformation
kernel32
ExitProcess
GetCurrentProcess
GetStdHandle
WriteFile
SetConsoleMode
GetModuleFileNameW
GetFirmwareEnvironmentVariableA
CreateFileW
GetConsoleMode
GetLastError
SetFileInformationByHandle
ReadConsoleInputA
GlobalAlloc
GlobalFree
CloseHandle
GetCommandLineA
GetProcessHeap
Sleep
user32
SetClipboardData
wvsprintfA
EmptyClipboard
CloseClipboard
OpenClipboard
MessageBoxA
advapi32
AdjustTokenPrivileges
RegCloseKey
LookupPrivilegeValueA
OpenProcessToken
RegOpenKeyExA
RegQueryValueExW
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ