lr[.]exe | Triage

General

Target

lr.exe
Size

87KB
MD5

f6ec0ffb5ba23be37e4fbc01f7a7ee95
SHA1

e802116c030e82097c9e230576294fb2cc67fe0c
SHA256

146b98c91f1fd3828ef5e091049809c5d0a3562f051d9e9d36f736ee70afa432
SHA512

fc2a2202452f5fbf78da6008012004efec7e5e5ee8ca5bb46eb13aa76c34c25490b4ec7d9c9db53cc02a394fecf424792542014dc7f0689fde538453d796cc57
SSDEEP

768:cawSUgqtyO6u7rKE/4GoLN59muQZrHZOanbCS6weiOW1EDY3F+1eL8v1vCX9fyZ2:XA17rKEQDR5QZdneiHo1XdvIXmkoD4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
lr.exe

Files

lr.exe
.exe windows:5 windows x86 arch:x86

ed46cc68371fd9adea1b5600b6808030

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comsvcs

CoCreateActivity
RecycleSurrogate

advapi32

RegCreateKeyExA
CryptSignHashW
RegSaveKeyA
InitializeAcl
GetUserNameA
RegOpenKeyW
RegDeleteValueA
RegRestoreKeyW
RegCloseKey
OpenEventLogW
RegEnumKeyA

untfs

Format
FormatEx
Chkdsk
Extend
Recover

clbcatq

CoRegCleanup
ComPlusMigrate
SetSetupSave

kernel32

AllocConsole
CreateFileA
ExitProcess
VirtualAlloc
WaitForSingleObject
OpenWaitableTimerW
LoadLibraryA
LoadLibraryExA
CloseHandle
GetACP
WriteFile
SetCurrentDirectoryA
GetFileAttributesA
VirtualQuery
GetCurrentDirectoryA
OpenSemaphoreA
GetShortPathNameA
CreateJobObjectA

cfgmgr32

CM_Add_Empty_Log_Conf
CMP_Report_LogOn
CMP_Init_Detection
CM_Add_IDA

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.udata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.adata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.relo�
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed46cc68371fd9adea1b5600b6808030

Headers

DLL Characteristics

File Characteristics

Imports

comsvcs

advapi32

untfs

clbcatq

kernel32

cfgmgr32

Sections

.text Size: 27KB - Virtual size: 27KB

.udata Size: 2KB - Virtual size: 1KB

.adata Size: 48KB - Virtual size: 47KB

.rsrc Size: 6KB - Virtual size: 6KB

.relo� Size: 2KB - Virtual size: 2KB

.text
Size: 27KB - Virtual size: 27KB

.udata
Size: 2KB - Virtual size: 1KB

.adata
Size: 48KB - Virtual size: 47KB

.rsrc
Size: 6KB - Virtual size: 6KB

.relo�
Size: 2KB - Virtual size: 2KB