lobster[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

lobster.exe
Size

5.9MB
MD5

ad84b0f7cd7433be72848779e9eddf42
SHA1

3cc103c7e4f68e4171ebb09bcc0cbb6afe81023f
SHA256

bf41209655648156cf74b1831e7f7fef68122c8080ace0dd0ea78d84ccbf505f
SHA512

ea27d34f7ff0378ecb9a9f944f659f566004be970b9cdbf2346928e05b9735c8df5a625c62b27591cc9b3e2912b6aaeb6c8b0a2407c8875fee90e56206eee718
SSDEEP

98304:DS46ZUlz1tFIg3dCrhS8WaprmOd4LEM7:DS4h/IMr3apmL37

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
lobster.exe

Files

lobster.exe
.exe windows:6 windows x64 arch:x64

792a0718bd1ecd6b45d61577ac8c2f15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\lobster\lobster\build\lobster\lobster\x64\Release\lobster.pdb

Imports

opengl32

glDrawArrays
glDrawElements
glIsEnabled
glPolygonMode
glGetTexImage
glDeleteTextures
glTexImage2D
glDisable
glBindTexture
glGenTextures
glTexParameteri
glGetError
glHint
glGetString
glReadPixels
glCullFace
glViewport
glScissor
glGetIntegerv
glGetBooleanv
glClear
glClearColor
glBlendFunc
glEnable
glPixelStorei

winmm

timeBeginPeriod
timeEndPeriod
waveInStart
waveInAddBuffer
waveOutPrepareHeader
waveInClose
waveInPrepareHeader
waveOutWrite
waveOutGetErrorTextW
waveOutGetNumDevs
waveInGetNumDevs
waveOutGetDevCapsW
waveInReset
waveInUnprepareHeader
waveOutUnprepareHeader
waveOutClose
waveInGetDevCapsW
waveOutReset
waveInOpen
waveOutOpen

imm32

ImmGetCompositionStringW
ImmGetIMEFileNameA
ImmAssociateContext
ImmSetCompositionStringW
ImmNotifyIME
ImmGetCandidateListW
ImmGetContext
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
HeapReAlloc
FlushFileBuffers
GetTimeZoneInformation
DeleteFileW
MoveFileExW
GetCurrentThreadId
GetCurrentProcessId
CreateNamedPipeA
CreateFileA
CreatePipe
SetHandleInformation
CreateEventA
CreateProcessA
CloseHandle
WaitForSingleObject
GetExitCodeProcess
ReadFile
GetLastError
GetOverlappedResult
QueryPerformanceFrequency
QueryPerformanceCounter
GetLogicalProcessorInformation
GetModuleFileNameA
GetConsoleWindow
FindFirstFileA
FindNextFileA
FindClose
OutputDebugStringA
LoadLibraryA
GetProcAddress
FreeLibrary
AllocConsole
FreeConsole
VirtualProtect
EnterCriticalSection
RtlAddFunctionTable
LeaveCriticalSection
InitializeCriticalSection
GetSystemDirectoryA
RtlDeleteFunctionTable
SetUnhandledExceptionFilter
GetFullPathNameA
WriteProcessMemory
GetCurrentProcess
WriteFile
FatalAppExitA
GetCurrentThread
GetSystemTime
SetLastError
RtlCaptureContext
GetEnvironmentVariableA
SuspendThread
GetCurrentDirectoryA
ResumeThread
GetFileAttributesA
GetVersionExA
GetThreadContext
ReadProcessMemory
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetFileSizeEx
SetErrorMode
SetFilePointer
CreateFileW
SetFilePointerEx
GetModuleHandleW
Sleep
GetStdHandle
AttachConsole
OutputDebugStringW
WriteConsoleW
GetModuleFileNameW
GetTickCount
MulDiv
ReleaseSemaphore
WaitForSingleObjectEx
CreateSemaphoreW
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEnvironmentVariableA
CancelIo
DeviceIoControl
CreateEventW
FormatMessageW
LoadLibraryW
ResetEvent
LocalFree
VerSetConditionMask
VerifyVersionInfoW
GetSystemInfo
GlobalMemoryStatusEx
TerminateProcess
ExitProcess
VirtualFree
VirtualAlloc
VirtualQuery
SetThreadExecutionState
SetThreadPriority
RaiseException
CreateThread
IsDebuggerPresent
CreateDirectoryW
LoadLibraryExW
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleExW
CompareStringA
GetSystemPowerStatus
GetLocaleInfoA
FindFirstFileExW
GetConsoleOutputCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapAlloc
HeapFree
GetFullPathNameW
ReadConsoleW
GetCommandLineW
GetCommandLineA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
GetFileType
SetStdHandle
TlsFree
RtlUnwind
RtlUnwindEx
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
GetCPInfo
GetStringTypeW
GetSystemTimeAsFileTime
FindNextFileW
LCMapStringEx
InitializeCriticalSectionEx
DecodePointer
EncodePointer
RtlPcToFileHeader
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
GetNativeSystemInfo
GetExitCodeThread
GetCurrentDirectoryW
GetProcessHeap
SetEndOfFile
HeapSize
LoadLibraryExA
GetConsoleMode

user32

RemovePropW
SetWindowTextW
GetKeyboardState
GetMonitorInfoW
RegisterClassW
AttachThreadInput
CreateIconFromResource
UnhookWindowsHookEx
SendMessageW
IntersectRect
SetPropW
SetWindowsHookExW
ToUnicode
SetWindowLongW
GetParent
PtInRect
SetForegroundWindow
GetWindowTextW
SetActiveWindow
MonitorFromWindow
MonitorFromRect
GetFocus
GetWindowTextLengthW
GetWindowThreadProcessId
SetLayeredWindowAttributes
GetKeyboardLayout
SetWindowRgn
MessageBoxA
GetWindowLongA
SetWindowLongA
ShowWindow
SetClipboardData
CopyImage
CreateIconIndirect
MapVirtualKeyW
EnumDisplaySettingsW
EnumDisplayDevicesW
EnumDisplayMonitors
MonitorFromPoint
ChangeDisplaySettingsExW
IsClipboardFormatAvailable
GetClipboardSequenceNumber
FlashWindowEx
RegisterDeviceNotificationW
LoadCursorW
SetCapture
ReleaseCapture
SetCursorPos
RegisterRawInputDevices
CreateWindowExW
PostThreadMessageW
GetRawInputDeviceInfoA
GetRawInputDeviceList
SetWindowLongPtrW
EndDialog
GetWindowLongPtrW
DialogBoxIndirectParamW
SetFocus
SystemParametersInfoA
GetDlgItem
DrawTextW
SystemParametersInfoW
ReleaseDC
GetDesktopWindow
RegisterWindowMessageA
DestroyWindow
CreateWindowExA
UnregisterClassA
UnregisterDeviceNotification
RegisterClassExA
GetWindowLongW
GetMessageW
DefWindowProcW
AdjustWindowRectEx
GetKeyState
GetMessageExtraInfo
CallWindowProcW
PostMessageW
GetWindowRect
GetMenu
GetDC
SetWindowPos
GetPropW
FillRect
ScreenToClient
CallNextHookEx
GetSystemMetrics
UnregisterClassW
RegisterClassExW
GetAsyncKeyState
DispatchMessageW
SetTimer
DestroyIcon
ClientToScreen
PeekMessageW
GetRawInputData
ValidateRect
TrackMouseEvent
GetClipCursor
GetForegroundWindow
GetUpdateRect
TranslateMessage
LoadIconW
ClipCursor
SetCursor
GetClientRect
KillTimer
GetClassInfoExW
InvalidateRect
IsIconic
GetCursorPos
GetDoubleClickTime
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData

gdi32

GetDeviceCaps
CreateCompatibleDC
GetTextExtentPoint32A
SelectObject
CreateBitmap
CreateDIBSection
GetDeviceGammaRamp
CreateDCW
SetDeviceGammaRamp
GetICMProfileW
CombineRgn
CreateRectRgn
DeleteDC
GetDIBits
CreateCompatibleBitmap
SetPixelFormat
GetPixelFormat
SwapBuffers
ChoosePixelFormat
CreateFontIndirectW
CreateSolidBrush
GetTextMetricsW
BitBlt
DescribePixelFormat
DeleteObject

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
GetUserNameA

shell32

ShellExecuteW
DragAcceptFiles
SHGetFolderPathW
ExtractIconExW
DragFinish
DragQueryFileW
CommandLineToArgvW

ole32

CoUninitialize
CoTaskMemFree
PropVariantClear
CLSIDFromString
CoInitializeEx
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantClear

setupapi

CM_Locate_DevNodeA
CM_Get_Device_IDA
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
CM_Get_Parent

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

792a0718bd1ecd6b45d61577ac8c2f15

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

opengl32

winmm

imm32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

setupapi

Exports

Exports

Sections

.text Size: 4.3MB - Virtual size: 4.3MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 160KB - Virtual size: 337KB

.pdata Size: 194KB - Virtual size: 194KB

.rsrc Size: 121KB - Virtual size: 121KB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 4.3MB - Virtual size: 4.3MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 160KB - Virtual size: 337KB

.pdata
Size: 194KB - Virtual size: 194KB

.rsrc
Size: 121KB - Virtual size: 121KB

.reloc
Size: 17KB - Virtual size: 17KB