limbo_keygen[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

limbo_keygen.exe
Size

41.1MB
MD5

6f9c812363aa2323a89bdb6aad7c77ce
SHA1

eaf283eee8304e8cc88b4acbe5181c08685dd657
SHA256

7d23c1e17325e4e3137962459f46c59f247b9868d66d869738dbcab83625b47d
SHA512

21df9bbc1aac09539134c702b4daf947886d69d1e225b8dbdb49b75c26495ae38a1f4c28b1da184d792484af2001bce2a3909c2b24a62ffba46d3d09a4eadfd1
SSDEEP

393216:5hCrtQt+eh1B4M4MNl3KKaFD4kkRbxNzZZVrngyJ2BGnHMyrMGnA49m7vuDSO2Ae:j4juhck/e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
limbo_keygen.exe

Files

limbo_keygen.exe
.exe windows:6 windows x64 arch:x64

1d3fbcfbc0d5c2c164487cd6e80a3be5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winmm

midiInStop
midiInStart
midiInClose
midiInOpen
midiInGetErrorTextA
midiInGetDevCapsA
timeEndPeriod
midiInGetNumDevs
midiInGetID
timeBeginPeriod

kernel32

GetCurrentThreadId
SetThreadPriority
SetPriorityClass
LoadLibraryW
GlobalSize
GlobalUnlock
GlobalLock
PowerCreateRequest
PowerSetRequest
PowerClearRequest
CompareStringOrdinal
LCIDToLocaleName
GetLocaleInfoEx
LoadLibraryA
GetLocaleInfoW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetTempFileNameA
GetTempPathA
HeapSize
GetFullPathNameW
HeapReAlloc
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
GetCommandLineA
ExitProcess
WriteFile
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
MoveFileExW
RemoveDirectoryW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetFileType
SetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
RtlUnwindEx
RaiseException
InterlockedPushEntrySList
RtlPcToFileHeader
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetCurrentThread
GetModuleHandleW
LCMapStringEx
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
GetNativeSystemInfo
GetTimeZoneInformation
SystemTimeToFileTime
FormatMessageW
LoadLibraryExW
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
FreeLibrary
GetLocalTime
GetSystemTimeAsFileTime
GetSystemTime
OpenProcess
CreateProcessW
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
Sleep
WaitForSingleObject
QueryPerformanceFrequency
QueryPerformanceCounter
SetLastError
GetExitCodeThread
SwitchToThread
WaitForSingleObjectEx
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsValidCodePage
CreatePipe
GetLastError
SetHandleInformation
CloseHandle
ReadFile
SetFileAttributesW
FindFirstFileW
OutputDebugStringA
K32GetPerformanceInfo
SetConsoleCtrlHandler
ReadConsoleW
SetConsoleMode
AttachConsole
GetUserDefaultUILanguage
FindClose
CompareFileTime
SetEnvironmentVariableW
GetEnvironmentVariableW
GetStdHandle
WideCharToMultiByte
LocalFree
GlobalAlloc
GetCommandLineW
VerifyVersionInfoW
VerSetConditionMask
GetStringTypeW
GetModuleHandleExA
ReplaceFileW
MultiByteToWideChar
WriteConsoleW
SetEndOfFile
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExA
GetFileAttributesW
GetLogicalDrives
GetTempFileNameW
GetVolumeInformationW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
PropVariantClear
CoTaskMemFree

oleaut32

VariantInit
SysFreeString
SysAllocString

user32

RegisterRawInputDevices
GetRawInputData
EnumDisplayMonitors
GetMonitorInfoW
GetMonitorInfoA
MonitorFromWindow
SystemParametersInfoA
EnumDisplaySettingsW
CreateIconIndirect
CreateIconFromResource
DestroyIcon
LoadIconA
LoadCursorA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowLongPtrA
GetWindowLongPtrA
OffsetRect
FillRect
ClipCursor
WindowFromPoint
ScreenToClient
ClientToScreen
SetCaretPos
DestroyCaret
CreateCaret
GetCursorPos
SetCursor
SetCursorPos
AdjustWindowRectEx
GetWindowRect
GetClientRect
SetWindowTextW
SetWindowRgn
GetUpdateRect
ReleaseDC
GetWindowDC
GetDCEx
GetRawInputDeviceInfoA
AllowSetForegroundWindow
SetForegroundWindow
GetForegroundWindow
GetSystemMetrics
KillTimer
SetTimer
ReleaseCapture
SetCapture
MapVirtualKeyExA
MapVirtualKeyA
RegisterTouchWindow
CloseTouchInputHandle
GetTouchInputInfo
GetKeyState
SetFocus
IsClipboardFormatAvailable
EmptyClipboard
RegisterClipboardFormatA
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
IsZoomed
IsIconic
IsWindowVisible
SetWindowPos
MoveWindow
FlashWindowEx
ShowWindow
DestroyWindow
IsWindow
CreateWindowExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
SendMessageW
SendMessageA
GetMessageExtraInfo
PeekMessageW
DispatchMessageW
TranslateMessage
TrackMouseEvent
GetKeyboardLayout
GetKeyboardLayoutList
ToUnicodeEx
ActivateKeyboardLayout
MessageBoxW
GetRawInputDeviceList
RegisterClassW
UnregisterClassW
GetWindowThreadProcessId
GetDC
WindowFromDC

gdi32

SwapBuffers
SetPixelFormat
ChoosePixelFormat
CreatePolygonRgn
CreateDIBSection
SelectObject
Rectangle
GetTextExtentPoint32W
GetStockObject
GetPixel
GetDIBits
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePen
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
BitBlt

shell32

DragQueryFileW
ShellExecuteW
CommandLineToArgvW
DragAcceptFiles
SHCreateItemFromParsingName
SHFileOperationW
SHGetKnownFolderPath

advapi32

GetCurrentHwProfileA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

dinput8

DirectInput8Create

imm32

ImmGetContext
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmGetCompositionStringW
ImmAssociateContext
ImmReleaseContext

bcrypt

BCryptGenRandom

crypt32

CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreA
CryptBinaryToStringA

avrt

AvSetMmThreadCharacteristicsW
AvSetMmThreadPriority

dwmapi

DwmGetWindowAttribute
DwmEnableBlurBehindWindow
DwmSetWindowAttribute

dwrite

DWriteCreateFactory

iphlpapi

GetAdaptersAddresses

wsock32

htons
listen
ntohs
recv
recvfrom
select
getsockname
sendto
setsockopt
socket
__WSAFDIsSet
WSACleanup
WSAGetLastError
inet_ntoa
closesocket
accept
bind
send
WSAStartup

ws2_32

getaddrinfo
WSAConnect
freeaddrinfo

ntdll

NtQueryInformationFile

dxgi

CreateDXGIFactory1

Exports

Exports

??0PlatformMethods@angle@@QEAA@XZ
??4PlatformMethods@angle@@QEAAAEAU01@$$QEAU01@@Z
??4PlatformMethods@angle@@QEAAAEAU01@AEBU01@@Z
AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 29.2MB - Virtual size: 29.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8.4MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 960KB - Virtual size: 959KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

pck
Size: 1.1MB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 281KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d3fbcfbc0d5c2c164487cd6e80a3be5

Headers

DLL Characteristics

File Characteristics

Imports

winmm

kernel32

ole32

oleaut32

user32

gdi32

shell32

advapi32

dinput8

imm32

bcrypt

crypt32

avrt

dwmapi

dwrite

iphlpapi

wsock32

ws2_32

ntdll

dxgi

Exports

Exports

Sections

.text Size: 29.2MB - Virtual size: 29.2MB

.rdata Size: 8.4MB - Virtual size: 8.4MB

.data Size: 1.0MB - Virtual size: 2.7MB

.pdata Size: 960KB - Virtual size: 959KB

pck Size: 1.1MB - Virtual size: 8B

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 35KB - Virtual size: 35KB

.reloc Size: 281KB - Virtual size: 280KB

.text
Size: 29.2MB - Virtual size: 29.2MB

.rdata
Size: 8.4MB - Virtual size: 8.4MB

.data
Size: 1.0MB - Virtual size: 2.7MB

.pdata
Size: 960KB - Virtual size: 959KB

pck
Size: 1.1MB - Virtual size: 8B

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 35KB - Virtual size: 35KB

.reloc
Size: 281KB - Virtual size: 280KB