lcb_spoof_crack[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

lcb_spoof_crack.exe
Size

7.6MB
MD5

c5c7253e68ea5d96ad86b7a99c465386
SHA1

1f6197326f53c231929f90b01d0afae65ae75c6d
SHA256

c38ce83359b11c63b187f1fe5d3c3a8ef2eac3377d67eada3299758f24d33cc5
SHA512

bf4221643f50ea2b9a3fd84e7c49219178f4e6d63b8f9e6505b512277534df945d7f0527d793981e37440abffdd78d93d04ac6a69532a64dea94a4e7e54355c9
SSDEEP

196608:BkbgJsau4PqC1qLAgz27O7PNYODgH0ZW0dTqnc52:WbgFu4PqC1qLAgh71rzZJ2nc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
lcb_spoof_crack.exe

Files

lcb_spoof_crack.exe
.exe windows:6 windows x64 arch:x64

614128c26c018f9d0a9999d7c2cc764e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\0\Desktop\des\tos\jg\nowwau\example_win32_directx11\Release\created\Loader.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_43

D3DCompile

kernel32

WaitForSingleObject
CreatePipe
GetStdHandle
ReadFile
QueryPerformanceCounter
FreeLibrary
VerSetConditionMask
GetProcAddress
CreateProcessA
GetTickCount
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
QueryPerformanceFrequency
LoadLibraryA
GetModuleHandleA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GetTempPathA
GetLastError
DeleteFileA
CloseHandle
Sleep
GlobalFree
GlobalAlloc
MultiByteToWideChar
GetDriveTypeW
WaitForMultipleObjects
SetEndOfFile
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
PeekNamedPipe
SetEvent
CreateEventA
GetSystemDirectoryA
SleepEx
FormatMessageW
MoveFileExA
Beep
GetEnvironmentVariableA
GetACP
IsValidCodePage
GetTimeZoneInformation
GetExitCodeProcess
CreateFileA
GetFileSizeEx
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
CreateFileW
IsDebuggerPresent
DebugBreak
OutputDebugStringW
CheckRemoteDebuggerPresent
DecodePointer
RaiseException
HeapDestroy
HeapSize
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentProcess
TerminateProcess
CreateThread
GetCurrentThread
SetThreadPriority
GetExitCodeThread
SuspendThread
ResumeThread
GetThreadContext
OpenProcess
VirtualProtect
CreateFileMappingW
GetModuleFileNameA
GetModuleHandleW
QueryFullProcessImageNameA
QueryFullProcessImageNameW
VerifyVersionInfoW
LocalFree
VirtualAlloc
VirtualFree
GetCurrentDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
SleepConditionVariableSRW
GetCurrentThreadId
WaitForSingleObjectEx
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
EncodePointer
LCMapStringEx
WakeAllConditionVariable
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
SetLastError
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
ExitProcess
DuplicateHandle
CreateProcessW
ExitThread
FreeLibraryAndExitThread
GetSystemInfo
VirtualQuery
WriteFile
SetFilePointerEx
GetConsoleMode
ReadConsoleW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
DeleteFileW

user32

GetWindowTextA
FindWindowW
EnumWindows
EmptyClipboard
GetClipboardData
OpenClipboard
GetCursorPos
SetCursorPos
MoveWindow
DispatchMessageA
GetWindowRect
DestroyWindow
CreateWindowExW
SetClipboardData
CloseClipboard
DefWindowProcA
GetKeyState
GetWindowThreadProcessId
ReleaseCapture
IsWindowUnicode
GetClientRect
SetCursor
SetCapture
GetForegroundWindow
TrackMouseEvent
ClientToScreen
GetCapture
ScreenToClient
LoadCursorA
UpdateWindow
PostQuitMessage
PeekMessageA
LoadIconA
GetSystemMetrics
UnregisterClassW
RegisterClassExW
ShowWindow
MessageBoxA
TranslateMessage

advapi32

CryptEncrypt
CryptImportKey
OpenProcessToken
AddAccessAllowedAce
GetLengthSid
GetTokenInformation
InitializeAcl
CryptAcquireContextA
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
IsValidSid
SetSecurityInfo
CopySid
ConvertSidToStringSidW
OpenThreadToken
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow

dwmapi

DwmExtendFrameIntoClientArea

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

urlmon

URLDownloadToFileA

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

psapi

GetModuleInformation

userenv

UnloadUserProfile

shell32

ShellExecuteA

normaliz

IdnToAscii
IdnToUnicode

wldap32

ord211
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord46
ord217
ord143

crypt32

CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CryptDecodeObjectEx
CertOpenStore
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

ws2_32

WSAGetLastError
ntohs
WSAStartup
WSACleanup
bind
connect
getpeername
getsockname
WSASetLastError
recv
setsockopt
socket
WSAIoctl
__WSAFDIsSet
select
accept
htonl
listen
getaddrinfo
freeaddrinfo
recvfrom
sendto
ioctlsocket
gethostname
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getsockopt
htons

bcrypt

BCryptGenRandom

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 422KB - Virtual size: 421KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

614128c26c018f9d0a9999d7c2cc764e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

d3dcompiler_43

kernel32

user32

advapi32

imm32

dwmapi

d3dx11_43

urlmon

rpcrt4

psapi

userenv

shell32

normaliz

wldap32

crypt32

ws2_32

bcrypt

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 422KB - Virtual size: 421KB

.data Size: 5.6MB - Virtual size: 5.6MB

.pdata Size: 72KB - Virtual size: 71KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 422KB - Virtual size: 421KB

.data
Size: 5.6MB - Virtual size: 5.6MB

.pdata
Size: 72KB - Virtual size: 71KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 8KB - Virtual size: 8KB