lol[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

lol.exe
Size

2.3MB
MD5

b61c9121193794c1154f25c0a6ab0116
SHA1

f5ff016f95bb21fea7475c50fe5320e6c86f44c7
SHA256

ab87e162b2577135116b65cdd0abce839a84ed2a10113b05e1adb1bfc285d281
SHA512

e03aed7dd09222a798d4bb1a4fb233f2208e2f3ad77cec584c6e70eb2e535c6140e5dfe635066f687cb521517b3cc8e9cf3b53c7ac414be796a93a13529ac388
SSDEEP

24576:WoeVap9SvaHMv6CGrjBnybQg+mmhLgDhdkMRWfLTUO2Zu1um5pFc:WoGapAv1vYjUbQgvdkMgl2Zu7vc

Score

5^/10

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
sample	autoit_exe

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
lol.exe

Files

lol.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\SerGreen\Source\Repos\Appacker\UnpackerWindowless\obj\Release\UnpackerWindowless.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 552KB - Virtual size: 551KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ