5lz9c[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5lz9c.exe
Size

17.4MB
MD5

f0cfa76ed73cb9e7041215bbe1de9a92
SHA1

4981322f2402dc2df09a806d3184b459d2169f13
SHA256

f19b0f261627ae7954b578744a393e230b6608cf7039dec3d571c414dd560170
SHA512

8ce1b4e33bbf0b90fa9e479987ca79398e0e9ba9f2f385bc01f894d3890c777ef4d0649db0a28396b95996e5909b81c5d6b08eb8a731d2938d87be002ea92246
SSDEEP

98304:iceV/7q+mWCWfHzZm5bbJTCVbnL3hs1qlYzauFIrwYhLoCRH3Sz+cyBgPvAKhZ3y:KEJTKBh06CBAcVLKH

Score

1^/10

Malware Config

Signatures

Files

5lz9c.exe
.dll windows:5 windows x64 arch:x64

Password: infected

bb2dcca7fc72028a48c5540107f3e1ab

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:dd:95:4a:de:3f:c7:2a:53:11:2b:d7
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

20/10/2022, 16:26

Not After

20/10/2025, 16:26

Subject

SERIALNUMBER=0800764913,CN=SpyShelter (Netmeetings LLC),O=SpyShelter (Netmeetings LLC),STREET=3006 BEE CAVES RD STE D202,L=AUSTIN,ST=TEXAS,C=US,1.3.6.1.4.1.311.60.2.1.2=#13055445584153,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:45

Not After

08/05/2033, 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d8:45:37:ad:72:a8:ed:f5:c3:de:9c:62:21:27:1c:ee:a0:17:1d:8b:71:dc:3a:84:d9:f7:b9:dd:ea:12:b7:7c
Signer

Actual PE Digest

d8:45:37:ad:72:a8:ed:f5:c3:de:9c:62:21:27:1c:ee:a0:17:1d:8b:71:dc:3a:84:d9:f7:b9:dd:ea:12:b7:7c

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\b\s\w\ir\cache\builder\src\out\host_release\flutter_windows.dll.pdb

Imports

advapi32

RegOpenKeyExW
RegCloseKey
RegGetValueW
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegEnumKeyExW
SystemFunction036
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW

iphlpapi

GetAdaptersAddresses

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

SysFreeString
SysStringLen
SafeArrayCreateVector
SafeArrayPutElement
VariantCopy
LoadTypeLi
SafeArrayGetDim
VarUI4FromStr
SafeArrayGetLBound
SafeArrayGetUBound
VariantClear
LoadRegTypeLi
VarBstrCmp
SafeArrayDestroy
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
VariantInit
SysAllocStringLen
SafeArrayGetVartype

psapi

GetProcessMemoryInfo
EnumProcessModules

shlwapi

PathIsRelativeW

rpcrt4

UuidCreateSequential
UuidToStringW
RpcStringFreeW

winmm

timeEndPeriod
timeBeginPeriod

ws2_32

connect
getaddrinfo
recv
send
shutdown
closesocket
socket
setsockopt
WSAIoctl
WSARecv
WSASend
ioctlsocket
WSARecvFrom
gethostname
htons
ntohs
WSAAddressToStringW
WSAStartup
getsockname
getpeername
getnameinfo
InetPtonW
InetNtopW
bind
listen
WSASocketW
freeaddrinfo
getsockopt
WSAGetLastError
WSASendTo
WSASetLastError

imm32

ImmGetCompositionStringW
ImmReleaseContext
ImmSetCompositionWindow
ImmSetCompositionStringW
ImmNotifyIME
ImmGetContext
ImmSetCandidateWindow

user32

KillTimer
PostMessageW
GetSysColor
SetClipboardData
UnregisterClassA
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
CloseClipboard
MessageBeep
GetKeyState
CloseTouchInputHandle
GetTouchInputInfo
DestroyCaret
ReleaseCapture
CreateCaret
SetCapture
GetMessageExtraInfo
DefWindowProcW
RegisterTouchWindow
SetWindowLongPtrW
SendMessageW
MapVirtualKeyW
PeekMessageW
RegisterClassW
GetFocus
TrackMouseEvent
ScreenToClient
GetCursorPos
SetCursor
IsWindowVisible
DestroyWindow
SetTimer
SetUserObjectInformationA
CreateWindowExW
LoadCursorW
SystemParametersInfoW
ClientToScreen
MonitorFromPoint
MonitorFromWindow
UnregisterClassW
CreateIconIndirect
ReleaseDC
GetDC
IsWindow
GetClassInfoW
GetClientRect
WindowFromDC
GetWindowThreadProcessId
IsIconic
InvalidateRect
CreateWindowExA
SetCaretPos
PostQuitMessage
EnumThreadWindows
GetParent
CharNextW
GetWindowLongPtrW
NotifyWinEvent
EmptyClipboard

gdi32

DescribePixelFormat
SetPixelFormat
ChoosePixelFormat
SwapBuffers
GetPixelFormat
SetDIBitsToDevice
GetDeviceCaps
DeleteDC
SetPixel
GetPixel
SelectObject
CreateCompatibleBitmap
GetObjectW
CreateCompatibleDC
CreateDIBSection
DeleteObject

opengl32

wglGetCurrentContext
wglGetProcAddress

bcrypt

BCryptGenRandom

ntdll

RtlUnwindEx
RtlUnwind
VerSetConditionMask

oleacc

LresultFromObject

uiautomationcore

UiaRaiseAutomationEvent
UiaRaiseAutomationPropertyChangedEvent
UiaGetReservedNotSupportedValue
UiaGetReservedMixedAttributeValue
UiaHostProviderFromHwnd

propsys

VariantCompare

dxgi

CreateDXGIFactory1
CreateDXGIFactory

d3d9

D3DPERF_SetMarker
D3DPERF_GetStatus
Direct3DCreate9
D3DPERF_EndEvent
D3DPERF_BeginEvent

kernel32

InitializeCriticalSectionEx
RtlPcToFileHeader
GetStringTypeW
InitOnceComplete
InitOnceBeginInitialize
GetExitCodeThread
SwitchToThread
GetFileInformationByHandleEx
FindFirstFileExW
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetEnvironmentVariableW
SetEnvironmentVariableW
EncodePointer
LCMapStringEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetModuleHandleExW
LoadLibraryExA
GetModuleHandleExA
GetModuleHandleA
LocaleNameToLCID
lstrcmpiW
SizeofResource
LoadResource
FindResourceW
SleepConditionVariableSRW
VirtualQuery
TlsFree
CreatePipe
SetEvent
LoadLibraryExW
QueryPerformanceFrequency
WakeAllConditionVariable
WakeConditionVariable
SleepConditionVariableCS
TryAcquireSRWLockExclusive
SetFileTime
DeviceIoControl
MoveFileW
CopyFileExW
CreateSymbolicLinkW
VirtualFree
VirtualProtect
SetFilePointerEx
VirtualAlloc
SetFileAttributesW
MoveFileExW
GetConsoleScreenBufferInfo
GetExitCodeProcess
CreateNamedPipeW
TerminateProcess
OpenProcess
WaitForMultipleObjects
CreateProcessW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLocaleName
SetUnhandledExceptionFilter
SetCurrentDirectoryW
GetCurrentDirectoryW
GetQueuedCompletionStatus
ReadDirectoryChangesW
PostQueuedCompletionStatus
GetFileType
OpenThread
CancelIoEx
CreateIoCompletionPort
SetStdHandle
SetConsoleMode
GetConsoleMode
GetStdHandle
SetConsoleCP
CompareStringEx
GetCPInfo
InterlockedPushEntrySList
InterlockedFlushSList
CreateThread
ExitThread
FreeLibraryAndExitThread
GetDriveTypeW
PeekNamedPipe
ReadConsoleW
TzSpecificLocalTimeToSystemTime
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
InitializeConditionVariable
GetTempFileNameA
SetConsoleOutputCP
GetConsoleOutputCP
SetConsoleCtrlHandler
GetFinalPathNameByHandleA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
WaitForSingleObjectEx
WriteFile
UnlockFileEx
SystemTimeToFileTime
Sleep
QueryPerformanceCounter
LockFileEx
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetTempPathA
GetSystemInfo
InitializeCriticalSectionAndSpinCount
GetLastError
FormatMessageW
DecodePointer
DeleteCriticalSection
LoadLibraryA
GetProcAddress
CreateEventW
RegisterWaitForSingleObject
ResetEvent
UnregisterWait
CloseHandle
OutputDebugStringW
LocalFree
GetCurrentProcess
GetModuleHandleW
GetCurrentThread
SetThreadPriority
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GetLocaleInfoEx
GetCurrentThreadId
GetCurrentProcessId
CreateToolhelp32Snapshot
Thread32Next
Thread32First
FormatMessageA
GetThreadPreferredUILanguages
CreateSemaphoreW
WaitForSingleObject
ReleaseSemaphore
RaiseException
GetCommandLineW
WideCharToMultiByte
GetTempPathW
CreateDirectoryW
CreateFileW
DuplicateHandle
GetFileInformationByHandle
GetFileAttributesW
RemoveDirectoryW
DeleteFileW
SetFilePointer
SetEndOfFile
FlushViewOfFile
FlushFileBuffers
FindFirstFileW
FindNextFileW
FindClose
GetFinalPathNameByHandleW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateWaitableTimerW
VerifyVersionInfoW
SetWaitableTimer
LoadLibraryW
FreeLibrary
GetModuleFileNameW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
GetSystemTimeAsFileTime
CreateFileA
IsDebuggerPresent
GetNativeSystemInfo
MultiByteToWideChar
OutputDebugStringA
GetFileSizeEx
ReadFile
ExitProcess
InitOnceExecuteOnce
InitializeSRWLock
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
TlsGetValue
TlsAlloc
SetLastError
TlsSetValue
AreFileApisANSI
GetFileAttributesExW
GetFullPathNameW
WriteConsoleW

crypt32

CertEnumCertificatesInStore
CertFreeCertificateContext
CertCloseStore
CertOpenStore

Exports

Exports

FlutterDesktopEngineCreate
FlutterDesktopEngineDestroy
FlutterDesktopEngineGetMessenger
FlutterDesktopEngineGetPluginRegistrar
FlutterDesktopEngineGetTextureRegistrar
FlutterDesktopEngineProcessExternalWindowMessage
FlutterDesktopEngineProcessMessages
FlutterDesktopEngineReloadSystemFonts
FlutterDesktopEngineRun
FlutterDesktopEngineSetNextFrameCallback
FlutterDesktopGetDpiForHWND
FlutterDesktopGetDpiForMonitor
FlutterDesktopMessengerAddRef
FlutterDesktopMessengerIsAvailable
FlutterDesktopMessengerLock
FlutterDesktopMessengerRelease
FlutterDesktopMessengerSend
FlutterDesktopMessengerSendResponse
FlutterDesktopMessengerSendWithReply
FlutterDesktopMessengerSetCallback
FlutterDesktopMessengerUnlock
FlutterDesktopPluginRegistrarGetMessenger
FlutterDesktopPluginRegistrarGetView
FlutterDesktopPluginRegistrarRegisterTopLevelWindowProcDelegate
FlutterDesktopPluginRegistrarSetDestructionHandler
FlutterDesktopPluginRegistrarUnregisterTopLevelWindowProcDelegate
FlutterDesktopRegistrarGetTextureRegistrar
FlutterDesktopResyncOutputStreams
FlutterDesktopTextureRegistrarMarkExternalTextureFrameAvailable
FlutterDesktopTextureRegistrarRegisterExternalTexture
FlutterDesktopTextureRegistrarUnregisterExternalTexture
FlutterDesktopViewControllerCreate
FlutterDesktopViewControllerDestroy
FlutterDesktopViewControllerForceRedraw
FlutterDesktopViewControllerGetEngine
FlutterDesktopViewControllerGetView
FlutterDesktopViewControllerHandleTopLevelWindowProc
FlutterDesktopViewGetGraphicsAdapter
FlutterDesktopViewGetHWND

Sections

.text
Size: 13.6MB - Virtual size: 13.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 397KB - Virtual size: 476KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 451KB - Virtual size: 451KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

bb2dcca7fc72028a48c5540107f3e1ab

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

5b:dd:95:4a:de:3f:c7:2a:53:11:2b:d7Certificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

d8:45:37:ad:72:a8:ed:f5:c3:de:9c:62:21:27:1c:ee:a0:17:1d:8b:71:dc:3a:84:d9:f7:b9:dd:ea:12:b7:7cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

iphlpapi

ole32

oleaut32

psapi

shlwapi

rpcrt4

winmm

ws2_32

imm32

user32

gdi32

opengl32

bcrypt

ntdll

oleacc

uiautomationcore

propsys

dxgi

d3d9

kernel32

crypt32

Exports

Exports

Sections

.text Size: 13.6MB - Virtual size: 13.6MB

.rdata Size: 2.8MB - Virtual size: 2.8MB

.data Size: 397KB - Virtual size: 476KB

.pdata Size: 451KB - Virtual size: 451KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 135KB - Virtual size: 135KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

5b:dd:95:4a:de:3f:c7:2a:53:11:2b:d7
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

d8:45:37:ad:72:a8:ed:f5:c3:de:9c:62:21:27:1c:ee:a0:17:1d:8b:71:dc:3a:84:d9:f7:b9:dd:ea:12:b7:7c
Signer

.text
Size: 13.6MB - Virtual size: 13.6MB

.rdata
Size: 2.8MB - Virtual size: 2.8MB

.data
Size: 397KB - Virtual size: 476KB

.pdata
Size: 451KB - Virtual size: 451KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 135KB - Virtual size: 135KB