E:\_work\lldownloader\01.Code\LLDownloader\Bin\LLDownloader.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 12c8ee13491cc25148fe101c25bb464448da605222bdb6bab12efdd18c273791.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 12c8ee13491cc25148fe101c25bb464448da605222bdb6bab12efdd18c273791.exe
Resource: win10v2004-20240426-en
General
Target: 12c8ee13491cc25148fe101c25bb464448da605222bdb6bab12efdd18c273791
Size: 3.1MB
MD5: 8e0e24e97735079c16b29d6aaec0332e
SHA1: baa4bc2e0586add346fc6db2ac995a2bafdf919d
SHA256: 12c8ee13491cc25148fe101c25bb464448da605222bdb6bab12efdd18c273791
SHA512: b478244d2119a4fe98e0b870d1d1a07a52c7e27a7ef65d6e0b99a9b34ecefe4ca6618f0d43f3a415065f0025ef7c188d3cdf03e99de6cf17aca80891a27a0f05
SSDEEP: 98304:vUQfh7bLJto1Xwvc2sbabq1LEu14ccFH:vUK7bU9wvzq1LEb
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 12c8ee13491cc25148fe101c25bb464448da605222bdb6bab12efdd18c273791
Files
12c8ee13491cc25148fe101c25bb464448da605222bdb6bab12efdd18c273791.exe windows:5 windows x86 arch:x86
b28930c025c06af4f7765ce92dcd48cf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetCPInfo
GetStringTypeW
SwitchToThread
OutputDebugStringW
CreateThread
ExitThread
FreeLibraryAndExitThread
RtlUnwind
GetDriveTypeW
SetFilePointerEx
GetCommandLineA
GetCommandLineW
HeapQueryInformation
GetSystemInfo
VirtualAlloc
VirtualQuery
SetStdHandle
ExitProcess
GetACP
GetConsoleMode
ReadConsoleW
GetConsoleCP
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
WaitForSingleObjectEx
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleExW
GetUserDefaultLCID
GetTempFileNameW
GetProfileIntW
SearchPathW
GetWindowsDirectoryW
FindResourceExW
GetTempPathW
SetErrorMode
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileAttributesExW
GetFileAttributesW
FileTimeToLocalFileTime
GetCurrentDirectoryW
FileTimeToSystemTime
VirtualProtect
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GlobalGetAtomNameW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetThreadPriority
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcpyW
lstrcmpA
GetVersionExW
GetCurrentThread
GetThreadLocale
lstrcmpiW
GetCurrentProcess
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
CopyFileW
LocalFree
GlobalSize
GetCurrentProcessId
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryA
LoadLibraryExW
GetModuleHandleA
GetCurrentThreadId
EncodePointer
OutputDebugStringA
GetFileSizeEx
VerifyVersionInfoW
VerSetConditionMask
PeekNamedPipe
ReadFile
GetStdHandle
GetFileType
SizeofResource
WaitForMultipleObjects
GetEnvironmentVariableA
MoveFileExW
Sleep
QueryPerformanceCounter
GetTickCount
QueryPerformanceFrequency
GetSystemDirectoryW
GetModuleHandleW
SleepEx
InitializeCriticalSection
FormatMessageW
SetLastError
FreeLibrary
GetProcAddress
LoadLibraryW
GetDiskFreeSpaceExW
WideCharToMultiByte
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
HeapFree
CreateMutexW
ResetEvent
SetEvent
WaitForSingleObject
FreeResource
GlobalAlloc
ResumeThread
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
CreateEventW
WriteFile
CreateFileW
MultiByteToWideChar
GetLastError
GetModuleFileNameW
DeleteFileW
CloseHandle
FindResourceW
LoadResource
LockResource
LCMapStringW
WriteConsoleW
user32
KillTimer
SetTimer
ReleaseCapture
SetCapture
IsZoomed
TrackMouseEvent
GetAsyncKeyState
RealChildWindowFromPoint
CopyImage
GetMenuItemInfoW
DestroyMenu
EnumDisplayMonitors
SystemParametersInfoW
LoadCursorW
GetSysColorBrush
SetLayeredWindowAttributes
SetCursor
ShowOwnedPopups
TranslateMessage
GetMessageW
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
GetSystemMetrics
CharUpperW
OffsetRect
SetRectEmpty
SendDlgItemMessageA
GetCursorPos
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
IntersectRect
InflateRect
MapVirtualKeyW
GetKeyNameTextW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuState
GetMenuStringW
GetWindowThreadProcessId
ClientToScreen
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
GetSystemMenu
CheckDlgButton
MoveWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
EnableWindow
LoadIconW
SendMessageW
PostMessageW
GetClientRect
SetScrollInfo
LoadAcceleratorsW
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
UpdateLayeredWindow
SetWindowLongW
GetWindowLongW
PtInRect
EqualRect
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
EnableScrollBar
UnionRect
DrawIconEx
MonitorFromPoint
DestroyIcon
WaitMessage
CharNextW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
DrawEdge
DrawFrameControl
DrawFocusRect
DeleteMenu
RedrawWindow
ValidateRect
SetWindowRgn
MessageBeep
WindowFromPoint
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
SetMenuDefaultItem
IsRectEmpty
LoadBitmapW
LoadImageW
GetWindowRect
MessageBoxW
InvalidateRect
UpdateWindow
SetRect
GetDC
ReleaseDC
FillRect
GetSysColor
CopyRect
FindWindowW
ShowWindow
SetForegroundWindow
UnregisterClassW
UnhookWindowsHookEx
DrawStateW
GetClassNameW
LoadMenuW
GetSubMenu
GetParent
RegisterWindowMessageW
DispatchMessageW
PeekMessageW
GetMessagePos
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsWindow
IsMenu
IsChild
DestroyWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
CreateAcceleratorTableW
DestroyAcceleratorTable
SetCursorPos
SetParent
IsWindowVisible
IsIconic
GetDlgItem
GetDlgCtrlID
SetFocus
GetFocus
GetKeyState
GetCapture
GetMenu
SetMenu
GetMenuItemID
GetMenuItemCount
TrackPopupMenu
SetActiveWindow
GetForegroundWindow
BeginPaint
EndPaint
GetClassLongW
BringWindowToTop
LockWindowUpdate
SetClassLongW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClipboardFormatW
CharUpperBuffW
ModifyMenuW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
CopyIcon
FrameRect
PostThreadMessageW
GetIconInfo
HideCaret
InvertRect
DrawIcon
GetDoubleClickTime
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
CreateMenu
GetWindowRgn
GetComboBoxInfo
DestroyCursor
CallNextHookEx
gdi32
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CopyMetaFileW
CreateDCW
CreateRectRgnIndirect
PatBlt
CombineRgn
CreateFontIndirectW
GetMapMode
SetRectRgn
DPtoLP
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetTextMetricsW
GetTextExtentPoint32W
CreateRoundRectRgn
CreateDIBSection
SetMapMode
GetTextColor
GetRgnBox
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
EnumFontFamiliesExW
RealizePalette
SetPixel
SetDIBColorTable
OffsetRgn
Rectangle
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
LPtoDP
RoundRect
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetWindowOrgEx
GetViewportOrgEx
SetPixelV
GetTextFaceW
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateBitmap
SetTextColor
SetBkColor
CreateCompatibleBitmap
BitBlt
CreateSolidBrush
DeleteDC
SelectObject
GetDeviceCaps
GetStockObject
StretchBlt
GetObjectW
CreateCompatibleDC
GetBkColor
DeleteObject
msimg32
AlphaBlend
TransparentBlt
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
advapi32
RegEnumValueW
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
CryptAcquireContextW
RegQueryValueW
RegEnumKeyW
shell32
DragFinish
DragQueryFileW
SHAppBarMessage
SHGetDesktopFolder
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHGetMalloc
comctl32
InitCommonControlsEx
shlwapi
StrFormatKBSizeW
PathFindFileNameW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFileExistsW
PathRemoveFileSpecW
uxtheme
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
GetThemeSysColor
IsAppThemed
DrawThemeParentBackground
DrawThemeText
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
GetWindowTheme
ole32
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
CoInitializeEx
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CoInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
oleaut32
LoadTypeLi
SysStringLen
SysAllocString
SysFreeString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SafeArrayDestroy
VariantCopy
VarBstrFromDate
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
oledlg
OleUIBusyW
gdiplus
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipDrawImageI
GdipFree
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipGetImagePixelFormat
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdipAlloc
GdiplusStartup
wldap32
ord301
ord147
ord133
ord219
ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord73
ord216
ord14
ord46
ord145
ws2_32
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
accept
htonl
listen
ioctlsocket
__WSAFDIsSet
select
getaddrinfo
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
sendto
gethostname
ntohl
recvfrom
closesocket
recv
send
WSAGetLastError
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
freeaddrinfo
winmm
PlaySoundW
crypt32
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryW
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
wininet
InternetGetConnectedState
iphlpapi
GetAdaptersInfo
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
Sections
.text Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 419KB - Virtual size: 418KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 698KB - Virtual size: 698KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 155KB - Virtual size: 155KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ