lmtools[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

lmtools.exe
Size

1.5MB
MD5

58c91376ac43ef1e60a339c794132932
SHA1

50f8f91a31df2e3a6e86c0737f0e9e51953b3bcf
SHA256

899b30518b93ff451b4cc49e3d1b33f3a56909c430f4ad179825ca9a0b049593
SHA512

8e7845874d8d5655a76bf28903e9ef7623ad976867e62bb60cc55fc2338ff198d8901de8b81c4c02ec75f5b87890687ab59cce467d48de1a5e653efc2537bc79
SSDEEP

24576:YneqIoW7GQDfh4bxIAFRJZVKCipSBa9iDtGJpnHtWeDaV:qVIoOt4bxIUhVASntGJzWaaV

Score

1^/10

Malware Config

Signatures

Files

lmtools.exe
.exe windows:6 windows x64 arch:x64

31dbf7c7565b0b67df55614f08632d29

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:1c:f2:95:af:dd:ec:8c:60:cd:3c:20:f6:5f:e7:fd
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

03/09/2021, 00:00

Not After

03/09/2024, 23:59

Subject

CN=Flexera Software LLC,O=Flexera Software LLC,L=Itasca,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

00:b3:77:a1:61:c9:8b:b9:32:39:3c:3f:56:55:2b:eb:68:92:35:37:9e:77:63:b7:27:26:1d:4c:45:dd:b9:5c
Signer

Actual PE Digest

00:b3:77:a1:61:c9:8b:b9:32:39:3c:3f:56:55:2b:eb:68:92:35:37:9e:77:63:b7:27:26:1d:4c:45:dd:b9:5c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\cygwin\home\nightly\fnpbuild\FNP-11.19.4\tier1\flexnet\lmtools\build\_release-Windows-ipv6.NT4-x86_64-main\lmtools.exe.pdb

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
WriteFile
GetConsoleCP
SetStdHandle
GetFileType
GetStdHandle
DeleteCriticalSection
CreateFileW
GetModuleFileNameW
GetProcessHeap
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
TlsAlloc
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
FreeLibrary
LoadLibraryExW
HeapReAlloc
FlushFileBuffers
WriteConsoleW
GetTimeZoneInformation
SetEndOfFile
OutputDebugStringW
GetStringTypeW
SetEnvironmentVariableA
TerminateProcess
GetCurrentProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalAlloc
RtlVirtualUnwind
RtlCaptureContext
HeapSize
GetModuleHandleW
GetTickCount
GetStartupInfoW
TlsFree
AreFileApisANSI
GetProcAddress
GetModuleHandleExW
ExitProcess
GetCurrentThreadId
GetCurrentThread
SetLastError
HeapFree
HeapAlloc
GetFileAttributesExW
ReadConsoleW
GetConsoleMode
ReadFile
SetFilePointerEx
RaiseException
RtlPcToFileHeader
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwindEx
RtlLookupFunctionEntry
DecodePointer
EncodePointer
GetVersionExA
CreateProcessA
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersion
CreateDirectoryW
TlsSetValue
TlsGetValue
GetWindowsDirectoryA
CreateEventA
WaitForSingleObject
CloseHandle
GetModuleHandleA
CompareStringW
GetFullPathNameA
SetEnvironmentVariableW
GetCurrentDirectoryW
GetFullPathNameW
ExitThread
CreateThread
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
FileTimeToSystemTime
PeekNamedPipe
GetFileInformationByHandle
GetCommandLineA
FileTimeToLocalFileTime
LoadLibraryW
SetThreadAffinityMask
GetProcessAffinityMask
GetSystemDirectoryA
SetThreadContext
LocalFree
FormatMessageA
GetShortPathNameA
GetEnvironmentVariableA
GetEnvironmentVariableW
GetEnvironmentStrings
FreeEnvironmentStringsA
lstrlenA
CreateFileA
SetNamedPipeHandleState
SleepEx
WaitNamedPipeA
SetErrorMode
LoadLibraryA
GetLocalTime
ReleaseMutex
CreateMutexA
GetDriveTypeA
GetVolumeInformationA
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
SetEvent
ResetEvent
GetProcessTimes
DeviceIoControl
LoadLibraryExA
DefineDosDeviceA
QueryDosDeviceA
DuplicateHandle
GetThreadPriority
ResumeThread
GetThreadContext

user32

SendDlgItemMessageA
SendMessageA
MessageBoxA
SetMenuItemInfoA
CheckRadioButton
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
PostMessageA
DestroyWindow
GetDlgItem
SetForegroundWindow
GetDC
ReleaseDC
InvalidateRect
RedrawWindow
GetWindowLongA
IsDialogMessageA
MoveWindow
GetWindowRect
ScreenToClient
CallWindowProcA
SetWindowLongA
LoadBitmapA
GetActiveWindow
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
LoadCursorA
GetFocus
GetClientRect
GetParent
CreateDialogIndirectParamA
DialogBoxIndirectParamA
ShowWindow
wsprintfA
SetFocus
GetCursor
IsWindowEnabled
GetDlgItemTextW
GetWindowTextLengthA
ShowCursor
EndDialog
CreateDialogParamA
MessageBeep
GetWindowTextA
SetWindowTextA
EnableWindow
SetCursor

advapi32

RegEnumValueA
GetUserNameA
GetUserNameW
RegQueryValueExW
RegSetValueExW
DeregisterEventSource
RegQueryInfoKeyA
ReportEventA
StartServiceA
QueryServiceConfigA
DeleteService
CreateServiceA
ControlService
ChangeServiceConfig2A
ChangeServiceConfigA
RegDeleteValueA
RegDeleteKeyExA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
CloseServiceHandle
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCreateKeyExA
RegCloseKey
RegisterEventSourceA

comctl32

ImageList_Create
ImageList_GetImageCount
ImageList_Add
ord17

gdi32

CreateFontIndirectA
SelectObject
GetTextMetricsA
DeleteObject
GetStockObject

ole32

CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CoInitializeSecurity
CoCreateInstance
CoTaskMemFree

shell32

SHGetKnownFolderPath
ShellExecuteA
ord680

ws2_32

getaddrinfo
freeaddrinfo
inet_addr
inet_ntoa
getnameinfo
__WSAFDIsSet
closesocket
connect
ioctlsocket
recv
WSACleanup
send
WSAStartup
setsockopt
socket
WSAGetLastError
getpeername
select
getsockopt
htonl

netapi32

Netbios

comdlg32

GetSaveFileNameA
GetOpenFileNameA

oleaut32

VariantInit
SafeArrayDestroy
VariantClear
SysAllocString
SysAllocStringLen
SysFreeString
SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData

shlwapi

PathRemoveBackslashW

wintrust

WinVerifyTrust

crypt32

CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringA
CryptQueryObject

Sections

.text
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textidx
Size: 870KB - Virtual size: 870KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fnp_dir
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fnp_mar
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31dbf7c7565b0b67df55614f08632d29

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

07:1c:f2:95:af:dd:ec:8c:60:cd:3c:20:f6:5f:e7:fdCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

00:b3:77:a1:61:c9:8b:b9:32:39:3c:3f:56:55:2b:eb:68:92:35:37:9e:77:63:b7:27:26:1d:4c:45:dd:b9:5cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

comctl32

gdi32

ole32

shell32

ws2_32

netapi32

comdlg32

oleaut32

shlwapi

wintrust

crypt32

Sections

.text Size: 293KB - Virtual size: 293KB

.textidx Size: 870KB - Virtual size: 870KB

.rdata Size: 192KB - Virtual size: 192KB

.data Size: 47KB - Virtual size: 98KB

.pdata Size: 44KB - Virtual size: 44KB

.fnp_dir Size: 512B - Virtual size: 120B

.fnp_mar Size: 512B - Virtual size: 1B

.rsrc Size: 103KB - Virtual size: 103KB

.reloc Size: 5KB - Virtual size: 5KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

07:1c:f2:95:af:dd:ec:8c:60:cd:3c:20:f6:5f:e7:fd
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

00:b3:77:a1:61:c9:8b:b9:32:39:3c:3f:56:55:2b:eb:68:92:35:37:9e:77:63:b7:27:26:1d:4c:45:dd:b9:5c
Signer

.text
Size: 293KB - Virtual size: 293KB

.textidx
Size: 870KB - Virtual size: 870KB

.rdata
Size: 192KB - Virtual size: 192KB

.data
Size: 47KB - Virtual size: 98KB

.pdata
Size: 44KB - Virtual size: 44KB

.fnp_dir
Size: 512B - Virtual size: 120B

.fnp_mar
Size: 512B - Virtual size: 1B

.rsrc
Size: 103KB - Virtual size: 103KB

.reloc
Size: 5KB - Virtual size: 5KB