ludusavi[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ludusavi.exe
Size

25.6MB
MD5

02111bcade8a92ceddf6320a2cbe2fa9
SHA1

84fd9dd943d19f7f8961e3c0b0fe624e9d890e2c
SHA256

798cb48fda8317fb45f620ccfe05b62d53b64dd97e75c768168fe73a59e9bdef
SHA512

aaa6d98128c9eeea46966c59e576504d7d1821a2ade9bc3193226ca5ac09688a6cfa65e19e1821060ed4950bd226bcc27a7cb2c398c55e40ebfac2ed0bf82599
SSDEEP

196608:NYH+uDRfGtSRhj7XOVb3eR8T4NRvZ1QWwSYrC67BZQEz8xbSWoYP:NED4tSRh/OEGT4N8rC67BZQEz8xGWB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ludusavi.exe

Files

ludusavi.exe
.exe windows:6 windows x64 arch:x64

29d11112e5b7c1046a4e5d89ada3bc90

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

ludusavi.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
WakeByAddressAll
WaitOnAddress

bcrypt

BCryptGenRandom

advapi32

RegQueryValueExW
GetUserNameW
SystemFunction036
RegEnumValueW
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey

kernel32

GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
RtlUnwindEx
RtlPcToFileHeader
CloseHandle
FreeConsole
SetStdHandle
GetCurrentThreadId
GetConsoleMode
GetFileType
GetFileInformationByHandleEx
CreateFileW
SetConsoleMode
GetLastError
lstrlenW
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
GetFileSize
LockFileEx
LocalFree
GetProcAddress
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
RaiseException
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
RtlVirtualUnwind
GetBinaryTypeW
LoadLibraryExW
GetFileInformationByHandle
SetFileAttributesW
MoveFileExW
GetTimeZoneInformationForYear
SetFileTime
GlobalLock
GlobalSize
GlobalAlloc
GlobalFree
GlobalUnlock
SetHandleInformation
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
GetOverlappedResult
SetFileCompletionNotificationModes
GetUserPreferredUILanguages
GetCurrentProcess
DuplicateHandle
VirtualProtect
QueryPerformanceFrequency
RemoveVectoredExceptionHandler
GetModuleHandleW
GetModuleHandleA
AddVectoredExceptionHandler
GetModuleHandleExW
GetModuleFileNameW
SetThreadErrorMode
LoadLibraryExA
CreateEventW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
CreateEventA
GetStdHandle
SetConsoleCursorPosition
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
GetConsoleCursorInfo
SetConsoleCursorInfo
GetNumberOfConsoleInputEvents
ReadConsoleInputW
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
SetThreadStackGuarantee
GetCurrentThread
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
RtlCaptureContext
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
SetFileInformationByHandle
SetFilePointerEx
WriteFileEx
SleepEx
GetExitCodeProcess
TerminateProcess
GetSystemTimePreciseAsFileTime
ReleaseMutex
FindNextFileW
FindClose
CreateDirectoryW
FindFirstFileW
GetFinalPathNameByHandleW
CopyFileExW
CancelIo
ExitProcess
CreateNamedPipeW
ReadFileEx
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
WriteConsoleW
ReadConsoleW
CreateThread
CreateMutexA
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetConsoleOutputCP
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
EncodePointer
FlsGetValue
FlsAlloc
GetTimeZoneInformation
GetCommandLineA
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter

user32

SetForegroundWindow
SendInput
RegisterRawInputDevices
GetRawInputData
GetWindowRect
IsIconic
MapVirtualKeyExW
GetKeyState
TrackPopupMenu
GetKeyboardState
GetAsyncKeyState
SetMenuDefaultItem
EnableMenuItem
GetSystemMenu
ClientToScreen
GetDC
SetWindowTextW
ValidateRect
GetClientRect
GetSystemMetrics
RegisterTouchWindow
CreateIcon
MapVirtualKeyW
MonitorFromPoint
SetWindowDisplayAffinity
SetWindowPos
InvalidateRgn
RegisterClassExW
CreateWindowExW
GetActiveWindow
FlashWindowEx
GetKeyboardLayout
GetForegroundWindow
SetWindowLongPtrW
PeekMessageW
TranslateMessage
SendMessageW
DestroyIcon
DispatchMessageW
ReleaseCapture
LoadCursorW
ShowCursor
ClipCursor
GetClipCursor
AdjustWindowRectEx
SetCapture
RegisterWindowMessageA
KillTimer
SetTimer
RegisterClassExA
DefWindowProcA
GetWindowLongW
GetMessageW
CreateWindowExA
CloseClipboard
ReleaseDC
SetWindowLongW
EmptyClipboard
SetCursor
DestroyWindow
GetWindowLongPtrW
DefWindowProcW
SetClipboardData
GetClipboardData
OpenClipboard
GetMenu
MonitorFromRect
ShowWindow
MessageBoxW
PostMessageW
IsProcessDPIAware
GetTouchInputInfo
ScreenToClient
IsWindowVisible
SetWindowPlacement
SystemParametersInfoA
ToUnicodeEx
GetWindowPlacement
CloseTouchInputHandle
ChangeDisplaySettingsExW
RedrawWindow
GetMonitorInfoW
MonitorFromWindow
GetCursorPos
TrackMouseEvent

gdi32

DeleteDC
CreateDIBSection
SelectObject
BitBlt
CreateRectRgn
GetDeviceCaps
DeleteObject
ChoosePixelFormat
GetPixelFormat
SetPixelFormat
DescribePixelFormat
SwapBuffers
CreateCompatibleDC

ole32

RegisterDragDrop
OleInitialize
CoCreateInstance
CoInitializeEx
RevokeDragDrop
CoUninitialize
CoTaskMemFree

dwmapi

DwmEnableBlurBehindWindow

shell32

DragFinish
ShellExecuteW
SHCreateItemFromParsingName
DragQueryFileW
SHGetKnownFolderPath

ws2_32

getaddrinfo
freeaddrinfo
closesocket
WSACleanup
WSAStartup
WSAGetLastError
WSAIoctl
setsockopt
WSASend
send
recv
shutdown
getsockopt
ioctlsocket
connect
bind
WSASocketW
getpeername
getsockname

uxtheme

SetWindowTheme

imm32

ImmGetCompositionStringW
ImmReleaseContext
ImmAssociateContextEx
ImmGetContext

ntdll

NtReadFile
NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtWriteFile

opengl32

wglCreateContext
wglMakeCurrent
wglDeleteContext
wglGetProcAddress
wglGetCurrentContext

d3dcompiler_47

D3DCompile

oleaut32

GetErrorInfo
SysStringLen
SysFreeString

Sections

.text
Size: 17.9MB - Virtual size: 17.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 773KB - Virtual size: 772KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29d11112e5b7c1046a4e5d89ada3bc90

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

bcrypt

advapi32

kernel32

user32

gdi32

ole32

dwmapi

shell32

ws2_32

uxtheme

imm32

ntdll

opengl32

d3dcompiler_47

oleaut32

Sections

.text Size: 17.9MB - Virtual size: 17.9MB

.rdata Size: 6.7MB - Virtual size: 6.7MB

.data Size: 44KB - Virtual size: 59KB

.pdata Size: 773KB - Virtual size: 772KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 110KB - Virtual size: 110KB

.text
Size: 17.9MB - Virtual size: 17.9MB

.rdata
Size: 6.7MB - Virtual size: 6.7MB

.data
Size: 44KB - Virtual size: 59KB

.pdata
Size: 773KB - Virtual size: 772KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 110KB - Virtual size: 110KB