LOJAX-main[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

LOJAX-main.zip
Size

2.4MB
MD5

13c66b59f71df05dd2ec00d81d7bf72f
SHA1

9a2160c3628c129547a3c0952bb117921886348a
SHA256

ccba2f0e61e0d843bf8572c3e53b90aa42355d59cadee48e830330eb74fae446
SHA512

28b3769136f248d226c7a9aee88278d300d04c70de05fe266cc9e24288646ec470a4081bc50cf7ea55e76d381b5863f6ab02d39c45acccb34f9df19c83088429
SSDEEP

49152:EWPAboOfHYhGdHqOvayIP0tEMjisvuIqfzUeQh2oW3XXiVTsGeZkRiTpQ2T:MboOf3dfSyIstXisvuTfzUlhFoXXiaGA

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 17 IoCs

Checks for missing Authenticode signature.

resource
unpack001/LOJAX-main/(81e96c07e6c9cb02f72c0943a42ff9f8f09a09c508f8bbaa1142a9ee4f1326cf)LoJaxInfo_EFI._ex
unpack001/LOJAX-main/430cbf950f9cea3f77374145f488a104f4ab664edca448effacbf2f8ba01b901
unpack001/LOJAX-main/Dir1/060448ffd71fe2edbb5fe7c6298ad2b077e57fa6ed6d4250fbd799dd85488843
unpack001/LOJAX-main/Dir1/0860f29226069a732f988cb70ea6d51057d204d421bb709b8e759376b0c4d201
unpack001/LOJAX-main/Dir1/27dd9de09e22efa2ef12e9e2f462fa9da83684bdb4ec900dd86439c5758107d9
unpack001/LOJAX-main/Dir1/37f15647c26d475db805048d6592aa153533ac5f4373145c75e24012a51ad9f8
unpack001/LOJAX-main/Dir1/500f426f98d4c00d29825f976b9457a274aed781a560a60e89cba4805cd47186
unpack001/LOJAX-main/Dir1/539cdc37c34eebb28a74f0dceeee0331e6ac6f4682e55fddd69d6f9de7ab9b77
unpack001/LOJAX-main/Dir1/634795a3acbae8964bb31e3ebed7f29208844978a512fc26a8b9a51901f9cab9
unpack001/LOJAX-main/Dir1/a97b1a792f7b53929a1c01bad9fc2bd606a15e8e32755daa15570e356baa0112
unpack001/LOJAX-main/Dir1/dcbfd12321fa7c4fa9a72486ced578fdc00dcee79e6d95aa481791f044a55af3
unpack001/LOJAX-main/Dir1/eb4e174db15646f71cb1d2c471e5794a8429ca29369c8eff6042122cc6dc6845
unpack001/LOJAX-main/FTP_DATA-Fvh8YG2egBnR4ZgERl.ex_(6d626c7f661b8cc477569e8e89bfe578770fca332beefea1ee49c20def97226e)
unpack001/LOJAX-main/Lojack.dll.bin.aa5b25c969234e5c9a8e3aa7aefb9444f2cc95247b5b52ef83bf4a68032980ae
unpack001/LOJAX-main/SecDxe(7ea33696c91761e95697549e0b0f84db2cf4033216cd16c3264b10daa31f598c)
unpack001/LOJAX-main/c28ad61fc748c08e8714cb247e741b736ebf0d9dfbcc3579f66fe3168326f61
unpack001/LOJAX-main/d0e9f0c79da838bd71a1c4ba6c5c9382569941dc38e7fa2c92009b364673d498

Files

LOJAX-main.zip
.zip
LOJAX-main/(81e96c07e6c9cb02f72c0943a42ff9f8f09a09c508f8bbaa1142a9ee4f1326cf)LoJaxInfo_EFI._ex
.exe windows:5 windows x86 arch:x86

5dfe98175c81190c8a176e1ce4524726

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
CloseHandle
DeleteFileW
GetFirmwareEnvironmentVariableW
GetTickCount
Sleep
GetProcAddress
GetCurrentDirectoryW
GetLastError
CreateFileW
GetVersionExW
GetSystemWow64DirectoryW
WideCharToMultiByte
GetSystemDirectoryW
WriteFile
GetCurrentProcess
DeviceIoControl
InterlockedDecrement
WriteConsoleW
GetStringTypeW
LCMapStringW
ReadFile
SetEndOfFile
SetFilePointer
MultiByteToWideChar
lstrlenA
LocalFree
HeapFree
HeapAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RtlUnwind
EncodePointer
DecodePointer
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFileType
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryW
HeapSize
IsProcessorFeaturePresent
FreeLibrary
CreateFileA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetProcessHeap
VirtualQuery
HeapReAlloc

advapi32

QueryServiceStatusEx
StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CloseServiceHandle
ControlService

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
VariantClear
SysAllocString

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 242KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LOJAX-main/430cbf950f9cea3f77374145f488a104f4ab664edca448effacbf2f8ba01b901
.sys windows:5 windows x86 arch:x86

8d9fc0c33c885eb8ca5e0a464a44207f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlNormalizeProcessParams
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U
NtOpenKey
NtCreateKey
NtSetValueKey
NtCreateFile
NtClose
NtTerminateProcess

Sections

.text
Size: 1024B - Virtual size: 877B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LOJAX-main/Dir1/060448ffd71fe2edbb5fe7c6298ad2b077e57fa6ed6d4250fbd799dd85488843
.exe windows:4 windows x86 arch:x86

5ca3fccf907dd5d90b504f5066ae19f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

inet_addr
WSAStartup
WSACleanup

user32

DefWindowProcA
wsprintfA
PostQuitMessage
RegisterClassA
TranslateMessage
GetMessageA
PeekMessageA
PostMessageA
DispatchMessageA
CreateWindowExA
SetTimer
PostThreadMessageA
KillTimer

kernel32

VirtualFreeEx
DeleteCriticalSection
OpenProcess
WriteFile
CloseHandle
RtlUnwind
GetVersion
LocalAlloc
SetFilePointer
CreateProcessA
GetModuleHandleA
GetLastError
LocalFree
ExitThread
SetEvent
ReadFile
TerminateProcess
WaitForSingleObject
WriteProcessMemory
ReadProcessMemory
ResetEvent
LeaveCriticalSection
GetStdHandle
TerminateThread
ExitProcess
InitializeCriticalSection
GetModuleFileNameA
GetProcAddress
WaitForMultipleObjects
CreateRemoteThread
lstrlenA
CreateEventA
GetExitCodeThread
CreateThread
lstrcmpiA
EnterCriticalSection
GetCurrentProcessId
CreateFileA
SetThreadPriority
ResumeThread
lstrcpyA
GetOverlappedResult
FreeLibrary
RaiseException
GetCurrentThreadId
lstrcatA
GetEnvironmentVariableA
SetStdHandle
VirtualAllocEx
Sleep
CopyFileA
LoadLibraryA

advapi32

RegQueryValueExA
RegEnumValueA
RegOpenKeyA
RegDeleteValueA
SetServiceStatus
OpenProcessToken
RegOpenKeyExA
StartServiceCtrlDispatcherA
SetTokenInformation
RegCloseKey
RegisterServiceCtrlHandlerA
DuplicateTokenEx
CreateProcessAsUserA

Exports

Exports

rpcnetp

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LOJAX-main/Dir1/0860f29226069a732f988cb70ea6d51057d204d421bb709b8e759376b0c4d201
.exe windows:4 windows x86 arch:x86

5ca3fccf907dd5d90b504f5066ae19f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

inet_addr
WSAStartup
WSACleanup

user32

DefWindowProcA
wsprintfA
PostQuitMessage
RegisterClassA
TranslateMessage
GetMessageA
PeekMessageA
PostMessageA
DispatchMessageA
CreateWindowExA
SetTimer
PostThreadMessageA
KillTimer

kernel32

VirtualFreeEx
DeleteCriticalSection
OpenProcess
WriteFile
CloseHandle
RtlUnwind
GetVersion
LocalAlloc
SetFilePointer
CreateProcessA
GetModuleHandleA
GetLastError
LocalFree
ExitThread
SetEvent
ReadFile
TerminateProcess
WaitForSingleObject
WriteProcessMemory
ReadProcessMemory
ResetEvent
LeaveCriticalSection
GetStdHandle
TerminateThread
ExitProcess
InitializeCriticalSection
GetModuleFileNameA
GetProcAddress
WaitForMultipleObjects
CreateRemoteThread
lstrlenA
CreateEventA
GetExitCodeThread
CreateThread
lstrcmpiA
EnterCriticalSection
GetCurrentProcessId
CreateFileA
SetThreadPriority
ResumeThread
lstrcpyA
GetOverlappedResult
FreeLibrary
RaiseException
GetCurrentThreadId
lstrcatA
GetEnvironmentVariableA
SetStdHandle
VirtualAllocEx
Sleep
CopyFileA
LoadLibraryA

advapi32

RegQueryValueExA
RegEnumValueA
RegOpenKeyA
RegDeleteValueA
SetServiceStatus
OpenProcessToken
RegOpenKeyExA
StartServiceCtrlDispatcherA
SetTokenInformation
RegCloseKey
RegisterServiceCtrlHandlerA
DuplicateTokenEx
CreateProcessAsUserA

Exports

Exports

rpcnetp

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LOJAX-main/Dir1/27dd9de09e22efa2ef12e9e2f462fa9da83684bdb4ec900dd86439c5758107d9
.exe windows:4 windows x86 arch:x86

5ca3fccf907dd5d90b504f5066ae19f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

inet_addr
WSAStartup
WSACleanup

user32

DefWindowProcA
wsprintfA
PostQuitMessage
RegisterClassA
TranslateMessage
GetMessageA
PeekMessageA
PostMessageA
DispatchMessageA
CreateWindowExA
SetTimer
PostThreadMessageA
KillTimer

kernel32

VirtualFreeEx
DeleteCriticalSection
OpenProcess
WriteFile
CloseHandle
RtlUnwind
GetVersion
LocalAlloc
SetFilePointer
CreateProcessA
GetModuleHandleA
GetLastError
LocalFree
ExitThread
SetEvent
ReadFile
TerminateProcess
WaitForSingleObject
WriteProcessMemory
ReadProcessMemory
ResetEvent
LeaveCriticalSection
GetStdHandle
TerminateThread
ExitProcess
InitializeCriticalSection
GetModuleFileNameA
GetProcAddress
WaitForMultipleObjects
CreateRemoteThread
lstrlenA
CreateEventA
GetExitCodeThread
CreateThread
lstrcmpiA
EnterCriticalSection
GetCurrentProcessId
CreateFileA
SetThreadPriority
ResumeThread
lstrcpyA
GetOverlappedResult
FreeLibrary
RaiseException
GetCurrentThreadId
lstrcatA
GetEnvironmentVariableA
SetStdHandle
VirtualAllocEx
Sleep
CopyFileA
LoadLibraryA

advapi32

RegQueryValueExA
RegEnumValueA
RegOpenKeyA
RegDeleteValueA
SetServiceStatus
OpenProcessToken
RegOpenKeyExA
StartServiceCtrlDispatcherA
SetTokenInformation
RegCloseKey
RegisterServiceCtrlHandlerA
DuplicateTokenEx
CreateProcessAsUserA

Exports

Exports

rpcnetp

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LOJAX-main/Dir1/37f15647c26d475db805048d6592aa153533ac5f4373145c75e24012a51ad9f8
.exe windows:4 windows x86 arch:x86

5ca3fccf907dd5d90b504f5066ae19f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

inet_addr
WSAStartup
WSACleanup

user32

DefWindowProcA
wsprintfA
PostQuitMessage
RegisterClassA
TranslateMessage
GetMessageA
PeekMessageA
PostMessageA
DispatchMessageA
CreateWindowExA
SetTimer
PostThreadMessageA
KillTimer

kernel32

VirtualFreeEx
DeleteCriticalSection
OpenProcess
WriteFile
CloseHandle
RtlUnwind
GetVersion
LocalAlloc
SetFilePointer
CreateProcessA
GetModuleHandleA
GetLastError
LocalFree
ExitThread
SetEvent
ReadFile
TerminateProcess
WaitForSingleObject
WriteProcessMemory
ReadProcessMemory
ResetEvent
LeaveCriticalSection
GetStdHandle
TerminateThread
ExitProcess
InitializeCriticalSection
GetModuleFileNameA
GetProcAddress
WaitForMultipleObjects
CreateRemoteThread
lstrlenA
CreateEventA
GetExitCodeThread
CreateThread
lstrcmpiA
EnterCriticalSection
GetCurrentProcessId
CreateFileA
SetThreadPriority
ResumeThread
lstrcpyA
GetOverlappedResult
FreeLibrary
RaiseException
GetCurrentThreadId
lstrcatA
GetEnvironmentVariableA
SetStdHandle
VirtualAllocEx
Sleep
CopyFileA
LoadLibraryA

advapi32

RegQueryValueExA
RegEnumValueA
RegOpenKeyA
RegDeleteValueA
SetServiceStatus
OpenProcessToken
RegOpenKeyExA
StartServiceCtrlDispatcherA
SetTokenInformation
RegCloseKey
RegisterServiceCtrlHandlerA
DuplicateTokenEx
CreateProcessAsUserA

Exports

Exports

rpcnetp

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LOJAX-main/Dir1/500f426f98d4c00d29825f976b9457a274aed781a560a60e89cba4805cd47186
.exe windows:4 windows x86 arch:x86

5ca3fccf907dd5d90b504f5066ae19f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

inet_addr
WSAStartup
WSACleanup

user32

DefWindowProcA
wsprintfA
PostQuitMessage
RegisterClassA
TranslateMessage
GetMessageA
PeekMessageA
PostMessageA
DispatchMessageA
CreateWindowExA
SetTimer
PostThreadMessageA
KillTimer

kernel32

VirtualFreeEx
DeleteCriticalSection
OpenProcess
WriteFile
CloseHandle
RtlUnwind
GetVersion
LocalAlloc
SetFilePointer
CreateProcessA
GetModuleHandleA
GetLastError
LocalFree
ExitThread
SetEvent
ReadFile
TerminateProcess
WaitForSingleObject
WriteProcessMemory
ReadProcessMemory
ResetEvent
LeaveCriticalSection
GetStdHandle
TerminateThread
ExitProcess
InitializeCriticalSection
GetModuleFileNameA
GetProcAddress
WaitForMultipleObjects
CreateRemoteThread
lstrlenA
CreateEventA
GetExitCodeThread
CreateThread
lstrcmpiA
EnterCriticalSection
GetCurrentProcessId
CreateFileA
SetThreadPriority
ResumeThread
lstrcpyA
GetOverlappedResult
FreeLibrary
RaiseException
GetCurrentThreadId
lstrcatA
GetEnvironmentVariableA
SetStdHandle
VirtualAllocEx
Sleep
CopyFileA
LoadLibraryA

advapi32

RegQueryValueExA
RegEnumValueA
RegOpenKeyA
RegDeleteValueA
SetServiceStatus
OpenProcessToken
RegOpenKeyExA
StartServiceCtrlDispatcherA
SetTokenInformation
RegCloseKey
RegisterServiceCtrlHandlerA
DuplicateTokenEx
CreateProcessAsUserA

Exports

Exports

rpcnetp

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LOJAX-main/Dir1/539cdc37c34eebb28a74f0dceeee0331e6ac6f4682e55fddd69d6f9de7ab9b77
.exe windows:4 windows x86 arch:x86

5ca3fccf907dd5d90b504f5066ae19f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

inet_addr
WSAStartup
WSACleanup

user32

DefWindowProcA
wsprintfA
PostQuitMessage
RegisterClassA
TranslateMessage
GetMessageA
PeekMessageA
PostMessageA
DispatchMessageA
CreateWindowExA
SetTimer
PostThreadMessageA
KillTimer

kernel32

VirtualFreeEx
DeleteCriticalSection
OpenProcess
WriteFile
CloseHandle
RtlUnwind
GetVersion
LocalAlloc
SetFilePointer
CreateProcessA
GetModuleHandleA
GetLastError
LocalFree
ExitThread
SetEvent
ReadFile
TerminateProcess
WaitForSingleObject
WriteProcessMemory
ReadProcessMemory
ResetEvent
LeaveCriticalSection
GetStdHandle
TerminateThread
ExitProcess
InitializeCriticalSection
GetModuleFileNameA
GetProcAddress
WaitForMultipleObjects
CreateRemoteThread
lstrlenA
CreateEventA
GetExitCodeThread
CreateThread
lstrcmpiA
EnterCriticalSection
GetCurrentProcessId
CreateFileA
SetThreadPriority
ResumeThread
lstrcpyA
GetOverlappedResult
FreeLibrary
RaiseException
GetCurrentThreadId
lstrcatA
GetEnvironmentVariableA
SetStdHandle
VirtualAllocEx
Sleep
CopyFileA
LoadLibraryA

advapi32

RegQueryValueExA
RegEnumValueA
RegOpenKeyA
RegDeleteValueA
SetServiceStatus
OpenProcessToken
RegOpenKeyExA
StartServiceCtrlDispatcherA
SetTokenInformation
RegCloseKey
RegisterServiceCtrlHandlerA
DuplicateTokenEx
CreateProcessAsUserA

Exports

Exports

rpcnetp

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LOJAX-main/Dir1/634795a3acbae8964bb31e3ebed7f29208844978a512fc26a8b9a51901f9cab9
.exe windows:4 windows x86 arch:x86

5ca3fccf907dd5d90b504f5066ae19f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

inet_addr
WSAStartup
WSACleanup

user32

DefWindowProcA
wsprintfA
PostQuitMessage
RegisterClassA
TranslateMessage
GetMessageA
PeekMessageA
PostMessageA
DispatchMessageA
CreateWindowExA
SetTimer
PostThreadMessageA
KillTimer

kernel32

VirtualFreeEx
DeleteCriticalSection
OpenProcess
WriteFile
CloseHandle
RtlUnwind
GetVersion
LocalAlloc
SetFilePointer
CreateProcessA
GetModuleHandleA
GetLastError
LocalFree
ExitThread
SetEvent
ReadFile
TerminateProcess
WaitForSingleObject
WriteProcessMemory
ReadProcessMemory
ResetEvent
LeaveCriticalSection
GetStdHandle
TerminateThread
ExitProcess
InitializeCriticalSection
GetModuleFileNameA
GetProcAddress
WaitForMultipleObjects
CreateRemoteThread
lstrlenA
CreateEventA
GetExitCodeThread
CreateThread
lstrcmpiA
EnterCriticalSection
GetCurrentProcessId
CreateFileA
SetThreadPriority
ResumeThread
lstrcpyA
GetOverlappedResult
FreeLibrary
RaiseException
GetCurrentThreadId
lstrcatA
GetEnvironmentVariableA
SetStdHandle
VirtualAllocEx
Sleep
CopyFileA
LoadLibraryA

advapi32

RegQueryValueExA
RegEnumValueA
RegOpenKeyA
RegDeleteValueA
SetServiceStatus
OpenProcessToken
RegOpenKeyExA
StartServiceCtrlDispatcherA
SetTokenInformation
RegCloseKey
RegisterServiceCtrlHandlerA
DuplicateTokenEx
CreateProcessAsUserA

Exports

Exports

rpcnetp

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LOJAX-main/Dir1/a97b1a792f7b53929a1c01bad9fc2bd606a15e8e32755daa15570e356baa0112
.exe windows:4 windows x86 arch:x86

5ca3fccf907dd5d90b504f5066ae19f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

inet_addr
WSAStartup
WSACleanup

user32

DefWindowProcA
wsprintfA
PostQuitMessage
RegisterClassA
TranslateMessage
GetMessageA
PeekMessageA
PostMessageA
DispatchMessageA
CreateWindowExA
SetTimer
PostThreadMessageA
KillTimer

kernel32

VirtualFreeEx
DeleteCriticalSection
OpenProcess
WriteFile
CloseHandle
RtlUnwind
GetVersion
LocalAlloc
SetFilePointer
CreateProcessA
GetModuleHandleA
GetLastError
LocalFree
ExitThread
SetEvent
ReadFile
TerminateProcess
WaitForSingleObject
WriteProcessMemory
ReadProcessMemory
ResetEvent
LeaveCriticalSection
GetStdHandle
TerminateThread
ExitProcess
InitializeCriticalSection
GetModuleFileNameA
GetProcAddress
WaitForMultipleObjects
CreateRemoteThread
lstrlenA
CreateEventA
GetExitCodeThread
CreateThread
lstrcmpiA
EnterCriticalSection
GetCurrentProcessId
CreateFileA
SetThreadPriority
ResumeThread
lstrcpyA
GetOverlappedResult
FreeLibrary
RaiseException
GetCurrentThreadId
lstrcatA
GetEnvironmentVariableA
SetStdHandle
VirtualAllocEx
Sleep
CopyFileA
LoadLibraryA

advapi32

RegQueryValueExA
RegEnumValueA
RegOpenKeyA
RegDeleteValueA
SetServiceStatus
OpenProcessToken
RegOpenKeyExA
StartServiceCtrlDispatcherA
SetTokenInformation
RegCloseKey
RegisterServiceCtrlHandlerA
DuplicateTokenEx
CreateProcessAsUserA

Exports

Exports

rpcnetp

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LOJAX-main/Dir1/dcbfd12321fa7c4fa9a72486ced578fdc00dcee79e6d95aa481791f044a55af3
.exe windows:4 windows x86 arch:x86

5ca3fccf907dd5d90b504f5066ae19f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

inet_addr
WSAStartup
WSACleanup

user32

DefWindowProcA
wsprintfA
PostQuitMessage
RegisterClassA
TranslateMessage
GetMessageA
PeekMessageA
PostMessageA
DispatchMessageA
CreateWindowExA
SetTimer
PostThreadMessageA
KillTimer

kernel32

VirtualFreeEx
DeleteCriticalSection
OpenProcess
WriteFile
CloseHandle
RtlUnwind
GetVersion
LocalAlloc
SetFilePointer
CreateProcessA
GetModuleHandleA
GetLastError
LocalFree
ExitThread
SetEvent
ReadFile
TerminateProcess
WaitForSingleObject
WriteProcessMemory
ReadProcessMemory
ResetEvent
LeaveCriticalSection
GetStdHandle
TerminateThread
ExitProcess
InitializeCriticalSection
GetModuleFileNameA
GetProcAddress
WaitForMultipleObjects
CreateRemoteThread
lstrlenA
CreateEventA
GetExitCodeThread
CreateThread
lstrcmpiA
EnterCriticalSection
GetCurrentProcessId
CreateFileA
SetThreadPriority
ResumeThread
lstrcpyA
GetOverlappedResult
FreeLibrary
RaiseException
GetCurrentThreadId
lstrcatA
GetEnvironmentVariableA
SetStdHandle
VirtualAllocEx
Sleep
CopyFileA
LoadLibraryA

advapi32

RegQueryValueExA
RegEnumValueA
RegOpenKeyA
RegDeleteValueA
SetServiceStatus
OpenProcessToken
RegOpenKeyExA
StartServiceCtrlDispatcherA
SetTokenInformation
RegCloseKey
RegisterServiceCtrlHandlerA
DuplicateTokenEx
CreateProcessAsUserA

Exports

Exports

rpcnetp

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LOJAX-main/Dir1/eb4e174db15646f71cb1d2c471e5794a8429ca29369c8eff6042122cc6dc6845
.exe windows:4 windows x86 arch:x86

5ca3fccf907dd5d90b504f5066ae19f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

inet_addr
WSAStartup
WSACleanup

user32

DefWindowProcA
wsprintfA
PostQuitMessage
RegisterClassA
TranslateMessage
GetMessageA
PeekMessageA
PostMessageA
DispatchMessageA
CreateWindowExA
SetTimer
PostThreadMessageA
KillTimer

kernel32

VirtualFreeEx
DeleteCriticalSection
OpenProcess
WriteFile
CloseHandle
RtlUnwind
GetVersion
LocalAlloc
SetFilePointer
CreateProcessA
GetModuleHandleA
GetLastError
LocalFree
ExitThread
SetEvent
ReadFile
TerminateProcess
WaitForSingleObject
WriteProcessMemory
ReadProcessMemory
ResetEvent
LeaveCriticalSection
GetStdHandle
TerminateThread
ExitProcess
InitializeCriticalSection
GetModuleFileNameA
GetProcAddress
WaitForMultipleObjects
CreateRemoteThread
lstrlenA
CreateEventA
GetExitCodeThread
CreateThread
lstrcmpiA
EnterCriticalSection
GetCurrentProcessId
CreateFileA
SetThreadPriority
ResumeThread
lstrcpyA
GetOverlappedResult
FreeLibrary
RaiseException
GetCurrentThreadId
lstrcatA
GetEnvironmentVariableA
SetStdHandle
VirtualAllocEx
Sleep
CopyFileA
LoadLibraryA

advapi32

RegQueryValueExA
RegEnumValueA
RegOpenKeyA
RegDeleteValueA
SetServiceStatus
OpenProcessToken
RegOpenKeyExA
StartServiceCtrlDispatcherA
SetTokenInformation
RegCloseKey
RegisterServiceCtrlHandlerA
DuplicateTokenEx
CreateProcessAsUserA

Exports

Exports

rpcnetp

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LOJAX-main/ESET-LoJax.pdf
.pdf
- http://eset.com
- http://opensecuritytraining.info
- http://opensecuritytraining.info/IntroBIOS.html
- http://opensecuritytraining.info/IntroBIOS.htmlen-US.en-US
- http://rweverything.com/
- http://rweverything.com/en-US.en-US
- http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-full.pdf.
- http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-full.pdfen-US.en-US
- https://asert.arbornetworks.com/lojack-becomes-a-double-agent/.
- https://asert.arbornetworks.com/lojack-becomes-a-double-agent/en-US.en-US
- https://assets.documentcloud.org/documents/4598895/DOJ-Russia-DNC-Hack-Indictment.pdf
- https://assets.documentcloud.org/documents/4598895/DOJ-Russia-DNC-Hack-Indictment.pdfen-US.en-US
- https://blog.trendmicro.com/trendlabs-security-intelligence/en-UShacking-team-uses-uefi-bios-rootkit-to-keep-rcs-9-agent-in-target-systems/en-US.en-US
- https://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-uses-uefi-bios-rootkit-to-keep-rcs-9-agent-in-target-systems/
- https://bromiumlabs.files.wordpress.com/2015/01/speed_racer_whitepaper.pdf
- https://bromiumlabs.files.wordpress.com/2015/01/speed_racer_whitepaper.pdfen-US.en-US
- https://github.com/LongSoft/UEFITool
- https://github.com/LongSoft/UEFIToolen-US.en-US
- https://threatvector.cylance.com/en_us/home/gigabyte-brix-systems-vulnerabilities.html
- https://threatvector.cylance.com/en_us/home/gigabyte-brix-systems-vulnerabilities.htmlen-US.en-US
- https://wikileaks.org/ciav7p1/cms/page_13763820.html
- https://wikileaks.org/ciav7p1/cms/page_13763820.htmlen-US.en-US
- https://www.absolute.com/en-gb/resources/faq/absolute-response-to-arbor-research.
- https://www.absolute.com/en-gb/resources/faq/absolute-response-to-arbor-researchen-US.en-US
- https://www.bbc.com/news/technology-37590375
- https://www.bbc.com/news/technology-37590375en-US.en-US
- https://www.blackhat.com/docs/asia-17/materials/asia-17-Matrosov-The-UEFI-Firmware-Rootkits-Myths-And-Reality.pdf
- https://www.blackhat.com/docs/asia-17/materials/asia-17-Matrosov-The-UEFI-Firmware-Rootkits-Myths-en-USAnd-Reality.pdfen-US.en-US
- https://www.blackhat.com/docs/us-14/materials/us-14-Kamluk-Computrace-Backdoor-Revisited-WP.pdf
- https://www.blackhat.com/docs/us-14/materials/us-14-Kamluk-Computrace-Backdoor-Revisited-WP.pdfen-US.en-US
- https://www.coresecurity.com/system/files/publications/2016/05/Paper-Deactivate-en-USthe-Rootkit-AOrtega-ASacco.pdfen-US.en-US
- https://www.coresecurity.com/system/files/publications/2016/05/Paper-Deactivate-the-Rootkit-AOrtega-ASacco.pdf
- https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/
- https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/en-US.en-US
- https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/7-serie
- https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/7-series-chipset-pch-datasheet.pdf
- https://www.kb.cert.org/vuls/id/766164
- https://www.kb.cert.org/vuls/id/766164en-US.en-US
- https://www.welivesecurity.com/2017/05/09/sednit-adds-two-zero-day-exploits-using-tr
- https://www.welivesecurity.com/2017/05/09/sednit-adds-two-zero-day-exploits-using-trumps-attack-syria-decoy/.
- https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/.
- https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/en-US.
- https://www.wired.com/story/russian-fancy-bears-hackers-release-apparent-ioc-emails/.
- https://www.wired.com/story/russian-fancy-bears-hackers-release-apparent-ioc-emails/en-US.en-US
- Show all
LOJAX-main/FTP_DATA-Fvh8YG2egBnR4ZgERl.ex_(6d626c7f661b8cc477569e8e89bfe578770fca332beefea1ee49c20def97226e)
.exe windows:4 windows x86 arch:x86

5ca3fccf907dd5d90b504f5066ae19f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

inet_addr
WSAStartup
WSACleanup

user32

DefWindowProcA
wsprintfA
PostQuitMessage
RegisterClassA
TranslateMessage
GetMessageA
PeekMessageA
PostMessageA
DispatchMessageA
CreateWindowExA
SetTimer
PostThreadMessageA
KillTimer

kernel32

VirtualFreeEx
DeleteCriticalSection
OpenProcess
WriteFile
CloseHandle
RtlUnwind
GetVersion
LocalAlloc
SetFilePointer
CreateProcessA
GetModuleHandleA
GetLastError
LocalFree
ExitThread
SetEvent
ReadFile
TerminateProcess
WaitForSingleObject
WriteProcessMemory
ReadProcessMemory
ResetEvent
LeaveCriticalSection
GetStdHandle
TerminateThread
ExitProcess
InitializeCriticalSection
GetModuleFileNameA
GetProcAddress
WaitForMultipleObjects
CreateRemoteThread
lstrlenA
CreateEventA
GetExitCodeThread
CreateThread
lstrcmpiA
EnterCriticalSection
GetCurrentProcessId
CreateFileA
SetThreadPriority
ResumeThread
lstrcpyA
GetOverlappedResult
FreeLibrary
RaiseException
GetCurrentThreadId
lstrcatA
GetEnvironmentVariableA
SetStdHandle
VirtualAllocEx
Sleep
CopyFileA
LoadLibraryA

advapi32

RegQueryValueExA
RegEnumValueA
RegOpenKeyA
RegDeleteValueA
SetServiceStatus
OpenProcessToken
RegOpenKeyExA
StartServiceCtrlDispatcherA
SetTokenInformation
RegCloseKey
RegisterServiceCtrlHandlerA
DuplicateTokenEx
CreateProcessAsUserA

Exports

Exports

rpcnetp

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LOJAX-main/LICENSE
LOJAX-main/Lojack.dll.bin.aa5b25c969234e5c9a8e3aa7aefb9444f2cc95247b5b52ef83bf4a68032980ae
.dll windows:4 windows x86 arch:x86

5ca3fccf907dd5d90b504f5066ae19f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

inet_addr
WSAStartup
WSACleanup

user32

DefWindowProcA
wsprintfA
PostQuitMessage
RegisterClassA
TranslateMessage
GetMessageA
PeekMessageA
PostMessageA
DispatchMessageA
CreateWindowExA
SetTimer
PostThreadMessageA
KillTimer

kernel32

VirtualFreeEx
DeleteCriticalSection
OpenProcess
WriteFile
CloseHandle
RtlUnwind
GetVersion
LocalAlloc
SetFilePointer
CreateProcessA
GetModuleHandleA
GetLastError
LocalFree
ExitThread
SetEvent
ReadFile
TerminateProcess
WaitForSingleObject
WriteProcessMemory
ReadProcessMemory
ResetEvent
LeaveCriticalSection
GetStdHandle
TerminateThread
ExitProcess
InitializeCriticalSection
GetModuleFileNameA
GetProcAddress
WaitForMultipleObjects
CreateRemoteThread
lstrlenA
CreateEventA
GetExitCodeThread
CreateThread
lstrcmpiA
EnterCriticalSection
GetCurrentProcessId
CreateFileA
SetThreadPriority
ResumeThread
lstrcpyA
GetOverlappedResult
FreeLibrary
RaiseException
GetCurrentThreadId
lstrcatA
GetEnvironmentVariableA
SetStdHandle
VirtualAllocEx
Sleep
CopyFileA
LoadLibraryA

advapi32

RegQueryValueExA
RegEnumValueA
RegOpenKeyA
RegDeleteValueA
SetServiceStatus
OpenProcessToken
RegOpenKeyExA
StartServiceCtrlDispatcherA
SetTokenInformation
RegCloseKey
RegisterServiceCtrlHandlerA
DuplicateTokenEx
CreateProcessAsUserA

Exports

Exports

rpcnetp

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LOJAX-main/README.md
LOJAX-main/SecDxe(7ea33696c91761e95697549e0b0f84db2cf4033216cd16c3264b10daa31f598c)
.dll windows:0 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 320B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.xdata
Size: 128B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 32B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LOJAX-main/c28ad61fc748c08e8714cb247e741b736ebf0d9dfbcc3579f66fe3168326f61
.exe windows:5 windows x86 arch:x86

c1b65f4b767240920879bdfbd46e9852

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
Sleep
GetProcAddress
LoadLibraryA
GetCurrentProcess
DeleteFileW
CreateThread
ResumeThread
SetThreadAffinityMask
GetExitCodeThread
GetLogicalProcessorInformationEx
TerminateThread
WaitForSingleObject
DeviceIoControl
CloseHandle
GetLastError
CreateFileW
ReadFile
GetSystemWow64DirectoryW
WriteFile
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DecodePointer
EncodePointer
EnterCriticalSection
LeaveCriticalSection
HeapCreate
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetHandleCount
GetFileType
DeleteCriticalSection
IsProcessorFeaturePresent
RaiseException
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryW
CreateFileA
SetStdHandle
FlushFileBuffers
HeapSize
WriteConsoleW
MultiByteToWideChar
LCMapStringW
GetStringTypeW
SetEndOfFile
GetProcessHeap

advapi32

QueryServiceStatusEx
StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CloseServiceHandle
ControlService

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 142KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LOJAX-main/d0e9f0c79da838bd71a1c4ba6c5c9382569941dc38e7fa2c92009b364673d498
.exe windows:5 windows x86 arch:x86

2ad84a47e13f093b076d43f628bb7916

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetSystemWow64DirectoryW
LoadLibraryA
DeleteFileW
Sleep
GetCurrentProcess
DeviceIoControl
CloseHandle
GetLastError
CreateFileW
ReadFile
GetProcAddress
WriteFile
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DecodePointer
EncodePointer
EnterCriticalSection
LeaveCriticalSection
HeapCreate
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetHandleCount
GetFileType
DeleteCriticalSection
IsProcessorFeaturePresent
RaiseException
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryW
CreateFileA
SetStdHandle
FlushFileBuffers
HeapSize
WriteConsoleW
MultiByteToWideChar
LCMapStringW
GetStringTypeW
SetEndOfFile
GetProcessHeap

advapi32

QueryServiceStatusEx
StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
CloseServiceHandle
ControlService

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 142KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5dfe98175c81190c8a176e1ce4524726

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 242KB - Virtual size: 249KB

.reloc Size: 7KB - Virtual size: 7KB

8d9fc0c33c885eb8ca5e0a464a44207f

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

Sections

.text Size: 1024B - Virtual size: 877B

.rdata Size: 1024B - Virtual size: 960B

.data Size: - Virtual size: 4B

5ca3fccf907dd5d90b504f5066ae19f3

Headers

File Characteristics

Imports

wsock32

user32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 356B

.cdata Size: 1024B - Virtual size: 572B

.reloc Size: 1024B - Virtual size: 824B

5ca3fccf907dd5d90b504f5066ae19f3

Headers

File Characteristics

Imports

wsock32

user32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 356B

.cdata Size: 1024B - Virtual size: 572B

.reloc Size: 1024B - Virtual size: 824B

5ca3fccf907dd5d90b504f5066ae19f3

Headers

File Characteristics

Imports

wsock32

user32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 356B

.cdata Size: 1024B - Virtual size: 572B

.reloc Size: 1024B - Virtual size: 824B

5ca3fccf907dd5d90b504f5066ae19f3

Headers

File Characteristics

Imports

wsock32

user32

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 242KB - Virtual size: 249KB

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 1024B - Virtual size: 877B

.rdata
Size: 1024B - Virtual size: 960B

.data
Size: - Virtual size: 4B

.text
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 356B

.cdata
Size: 1024B - Virtual size: 572B

.reloc
Size: 1024B - Virtual size: 824B

.text
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 356B

.cdata
Size: 1024B - Virtual size: 572B

.reloc
Size: 1024B - Virtual size: 824B

.text
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 356B

.cdata
Size: 1024B - Virtual size: 572B

.reloc
Size: 1024B - Virtual size: 824B

.text
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 356B

.cdata
Size: 1024B - Virtual size: 572B

.reloc
Size: 1024B - Virtual size: 824B

.text
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 356B

.cdata
Size: 1024B - Virtual size: 572B

.reloc
Size: 1024B - Virtual size: 824B

.text
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 356B

.cdata
Size: 1024B - Virtual size: 572B

.reloc
Size: 1024B - Virtual size: 824B

.text
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 356B

.cdata
Size: 1024B - Virtual size: 572B

.reloc
Size: 1024B - Virtual size: 824B

.text
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 356B

.cdata
Size: 1024B - Virtual size: 572B

.reloc
Size: 1024B - Virtual size: 824B