ldr_HL39cTkUIG[.]exe

Resubmissions

14/06/2024, 16:46

240614-t91q3aydqh 8

Sharing

Copy URL

Twitter E-mail

General

Target

ldr_HL39cTkUIG.exe
Size

18.9MB
MD5

e85d8cd73a221953c10c6ae719c4daae
SHA1

a78ad50dd874b8a159c1300035927ffae558930f
SHA256

320d56906b73e07663ae65f53e6ee1008042e3ecdd640f34d60e48c035fa7eb5
SHA512

10c36ff7963159f6b76e80105aefefef3d6a075ad6d9d9a79397ce4f24f9f2f8deed59033543b0722614340ac9a9524c466509c609458b0160d826bc8e77fcd2
SSDEEP

393216:Infyt2vkj2gwfhbjlZDnJAKqnPg69iG4C7NH:tt2Q2XtRtnmVFJp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ldr_HL39cTkUIG.exe

Files

ldr_HL39cTkUIG.exe
.exe windows:6 windows x64 arch:x64

511b52afdc22b2d90c4cfb3f02c744e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

PathFileExistsW

iphlpapi

GetIpForwardTable

gdiplus

GdipSaveImageToStream

kernel32

GetVersion
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

GetWindow

gdi32

DeleteDC

advapi32

RegSetValueExW

shell32

SHGetFolderPathW

ole32

CLSIDFromString

ntdll

RtlLookupFunctionEntry

ws2_32

ntohl

dbghelp

SymSetOptions

crypt32

CertOpenStore

bcrypt

BCryptGenRandom

Sections

.text
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 462KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.(0l
Size: - Virtual size: 11.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.^M&
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Wy1
Size: 18.9MB - Virtual size: 18.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

511b52afdc22b2d90c4cfb3f02c744e1

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

iphlpapi

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

ntdll

ws2_32

dbghelp

crypt32

bcrypt

Sections

.text Size: - Virtual size: 1.1MB

.rdata Size: - Virtual size: 462KB

.data Size: - Virtual size: 66KB

.pdata Size: - Virtual size: 51KB

.detourc Size: - Virtual size: 8KB

.detourd Size: - Virtual size: 24B

.(0l Size: - Virtual size: 11.9MB

.^M& Size: 4KB - Virtual size: 4KB

.Wy1 Size: 18.9MB - Virtual size: 18.9MB

.reloc Size: 512B - Virtual size: 56B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 1.1MB

.rdata
Size: - Virtual size: 462KB

.data
Size: - Virtual size: 66KB

.pdata
Size: - Virtual size: 51KB

.detourc
Size: - Virtual size: 8KB

.detourd
Size: - Virtual size: 24B

.(0l
Size: - Virtual size: 11.9MB

.^M&
Size: 4KB - Virtual size: 4KB

.Wy1
Size: 18.9MB - Virtual size: 18.9MB

.reloc
Size: 512B - Virtual size: 56B

.rsrc
Size: 512B - Virtual size: 480B