darklua[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

darklua.exe
Size

7.3MB
MD5

97efd57f7150e28c99c55375e8e901fd
SHA1

064b37ce7a06046ca78ccefaa2f4c58f00b8b78f
SHA256

6a49243fecb3327a0b90adff085edb866a6a0896f374d4060da6289b9ead8d9f
SHA512

d496f7628478e5016fc00c877bd89d9bbc1a338a88601c48474f4f0f86076d854fd5daaff28bf1f9ccbc6bd6ab101f7b7d7d4c85e393619cc3aa79c547c9ebdf
SSDEEP

98304:vsSjpoiZLDEEspgvmJC8dMkXSXSFXRbdczri8Oe:vsSjdH8NgO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
darklua.exe

Files

darklua.exe
.exe windows:6 windows x64 arch:x64

933884c99b72846005a69243e08bb2be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

darklua.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
WakeByAddressAll
WaitOnAddress

kernel32

IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
SetFileInformationByHandle
GetCommandLineW
UnhandledExceptionFilter
GetEnvironmentVariableW
GetCurrentDirectoryW
SetLastError
GetStdHandle
GetCurrentProcessId
RtlLookupFunctionEntry
RtlVirtualUnwind
QueryPerformanceFrequency
GetSystemTimePreciseAsFileTime
HeapFree
RtlCaptureContext
lstrlenW
ReleaseMutex
GetProcessHeap
HeapAlloc
FindNextFileW
FindClose
GetFileInformationByHandleEx
QueryPerformanceCounter
Sleep
CreateDirectoryW
FindFirstFileW
DeleteFileW
SetWaitableTimer
CreateWaitableTimerExW
GetFileType
SwitchToThread
AddVectoredExceptionHandler
GetLastError
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
MultiByteToWideChar
WriteConsoleW
CreateThread
GetCurrentThread
GetFullPathNameW
GetModuleHandleA
GetProcAddress
SetUnhandledExceptionFilter
LoadLibraryA
CreateMutexA
ConvertFiberToThread
DeleteFiber
CreateFiber
ConvertThreadToFiber
IsThreadAFiber
SwitchToFiber
SetThreadStackGuarantee
VirtualQuery
SetConsoleMode
GetConsoleMode
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetFileInformationByHandle
ReadDirectoryChangesW
CreateSemaphoreW
CreateFileW
CancelIo
WaitForSingleObjectEx
ReleaseSemaphore
WaitForSingleObject
SetConsoleCtrlHandler
CreateSemaphoreA
CloseHandle
GetCurrentProcess
HeapReAlloc
IsProcessorFeaturePresent

ntdll

RtlNtStatusToDosError
NtReadFile
NtWriteFile

vcruntime140

__C_specific_handler
__current_exception_context
__current_exception
_CxxThrowException
memset
__CxxFrameHandler3
memcpy
memmove
memcmp

api-ms-win-crt-math-l1-1-0

trunc
log10
floor
pow
__setusermatherr

api-ms-win-crt-runtime-l1-1-0

_set_app_type
exit
_exit
_initterm
_configure_narrow_argv
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_initialize_narrow_environment
_initterm_e
_initialize_onexit_table
terminate
_register_onexit_function
_crt_atexit
_get_initial_narrow_environment

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

933884c99b72846005a69243e08bb2be

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

kernel32

ntdll

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 5.3MB - Virtual size: 5.3MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 512B - Virtual size: 9KB

.pdata Size: 252KB - Virtual size: 252KB

.reloc Size: 35KB - Virtual size: 34KB

.text
Size: 5.3MB - Virtual size: 5.3MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 512B - Virtual size: 9KB

.pdata
Size: 252KB - Virtual size: 252KB

.reloc
Size: 35KB - Virtual size: 34KB