lmao[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

lmao.rar
Size

19.4MB
MD5

daef1c17e11577bcabe74ceec366b4e3
SHA1

6325d337fac9cb91fbe89807fb75387ce2e6e4c1
SHA256

f4c75f66e97391588e6c2c87c59bb951f515fc04187b0fbba8d3b78f8ba86b36
SHA512

cfe0ea0f96acedd41a3cbe3a88454d22eaa7575b48bddd09e5924e41a175f5b8124af0094d151e033b7247490fb1024e721afecb9d83d9ae42fa6722484cc21b
SSDEEP

393216:gH2ExgZOWSfo38qTAMLflnkExp8KM7aAEKRDPpaqEIXhWspu1C1N0uht8:gWxZOU8qTVL9kq8KM7auTwspu1kj8

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/lmao/cleanernew/applecleaner.exe	themida

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/lmao/cleanernew/applecleaner.exe
unpack001/lmao/lcb.vmp.exe

Files

lmao.rar
.rar
lmao/cleanernew/FNCLEAN.bat
.bat .vbs
lmao/cleanernew/applecleaner.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 54KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 12KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
lmao/cleanernew/serial_checker.bat
lmao/lcb.vmp.exe
.exe windows:6 windows x64 arch:x64

d60db98016d1cfec5d938f997ac45e97

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_43

D3DCompile

kernel32

LoadLibraryA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

OpenClipboard

advapi32

CryptEncrypt

shell32

ShellExecuteA

imm32

ImmReleaseContext

ntdll

RtlInitUnicodeString

dwmapi

DwmExtendFrameIntoClientArea

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

rpcrt4

RpcStringFreeA

psapi

GetModuleInformation

userenv

UnloadUserProfile

normaliz

IdnToAscii

wldap32

ord35

crypt32

CertAddCertificateContextToStore

ws2_32

WSAWaitForMultipleEvents

bcrypt

BCryptGenRandom

Sections

.text
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 476KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xDIWNES
Size: - Virtual size: 9.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xDIWNES
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xDIWNES
Size: 17.6MB - Virtual size: 17.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lmao/pass = 1.txt

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 54KB - Virtual size: 142KB

Size: 12KB - Virtual size: 40KB

Size: 512B - Virtual size: 3KB

Size: 3KB - Virtual size: 4KB

Size: 49KB - Virtual size: 48KB

Size: 512B - Virtual size: 300B

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 49KB - Virtual size: 49KB

.themida Size: - Virtual size: 5.9MB

.boot Size: 3.5MB - Virtual size: 3.5MB

.reloc Size: 16B - Virtual size: 4KB

d60db98016d1cfec5d938f997ac45e97

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

d3dcompiler_43

kernel32

user32

advapi32

shell32

imm32

ntdll

dwmapi

d3dx11_43

rpcrt4

psapi

userenv

normaliz

wldap32

crypt32

ws2_32

bcrypt

Sections

.text Size: - Virtual size: 1.6MB

.rdata Size: - Virtual size: 476KB

.data Size: - Virtual size: 4.9MB

.pdata Size: - Virtual size: 76KB

.xDIWNES Size: - Virtual size: 9.5MB

.xDIWNES Size: 4KB - Virtual size: 4KB

.xDIWNES Size: 17.6MB - Virtual size: 17.6MB

.reloc Size: 512B - Virtual size: 104B

.rsrc Size: 512B - Virtual size: 480B

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 49KB - Virtual size: 49KB

.themida
Size: - Virtual size: 5.9MB

.boot
Size: 3.5MB - Virtual size: 3.5MB

.reloc
Size: 16B - Virtual size: 4KB

.text
Size: - Virtual size: 1.6MB

.rdata
Size: - Virtual size: 476KB

.data
Size: - Virtual size: 4.9MB

.pdata
Size: - Virtual size: 76KB

.xDIWNES
Size: - Virtual size: 9.5MB

.xDIWNES
Size: 4KB - Virtual size: 4KB

.xDIWNES
Size: 17.6MB - Virtual size: 17.6MB

.reloc
Size: 512B - Virtual size: 104B

.rsrc
Size: 512B - Virtual size: 480B