670a8ccf0c6f9_LofiseNose.exe

First submission 2024-10-13 07:06:02

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	981.0 KB (1004544 bytes)
Compile time:	2024-10-12 16:50:16
MD5:	400af20bb680795b1a047b588d8f1b26
SHA1:	e2522424e4c0a34b83b0dd9769db8c5b01e289e9
SHA256:	f4bc3f962d0b16cd40870324c2418b102680aca46ee4ab0b08ec19e3d4b86986
Import Hash :	285f07c66f98861b92460fa57c11d967
Sections 5	.text .rdata .data .rsrc .reloc
Directories 4	import resource debug relocation

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	35/77 VT report date: 2024-10-13 06:43:12
Malware Type 1	trojan
Threat Type 3	jaik lummastealer pwsx

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://cache.ussc.org/player/670a8ccf0c6f9_LofiseNose.exe	cache.ussc.org	2024-10-13 07:06:03

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x87979	555520	fd10e776cbd664570fcbef95fdab967f4668fa69	c7c4a37d148a8fe173a52f2f1af29a06
.rdata	0x89000	0x10dbc	69120	cf63799da9c29642ef80beb6b421c5a1c0bbddd2	d88d7c1acbd70cce211488f7c3ca9816
.data	0x9a000	0x58bfc	357888	75e1cdc7925add8dd665cf7615e80d8c478ea00d	c29d2184aedfcb7803e2b313da7bb597
.rsrc	0xf3000	0x595	1536	67325892dd6c48f418d1a1ce99cf5976ef4148d5	365e5a183cc437b4e69a5f5af50b49a4
.reloc	0xf4000	0x4a6c	19456	556c80cf8e36164ba83a48e5abe35509a9ecac32	a7eb2ed669f0f99fe00b5f577eacdc82

PE Resources 2

Name	Language	Sublanguage	Offset	Size	Data
RT_VERSION	LANG_ENGLISH	SUBLANG_ENGLISH_US	0xf30a0	888	PE Resource: RT_VERSION - Data t4VS_VERSION_INFO 4aJ 4aJ?StringFileInfo040904B0LCompanyNameMicrosoft CorporationDFileDescriptionPrint Utilityn'FileVersion10.0.19041.3636 (WinBuild.160101.0800),InternalNamePrint.LegalCopyright Microsoft Corporation. All rights reserved.< OriginalFilenamePrint.Exej%ProductNameMicrosoft Windows Operating SystemDProductVersion10.0.19041.3636DVarFileInfo$Translation
RT_MANIFEST	LANG_ENGLISH	SUBLANG_ENGLISH_US	0xf3418	381	PE Resource: RT_MANIFEST - Data <?xml version='1.0' encoding='UTF-8' standalone='yes'?> <assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level='asInvoker' uiAccess='false' /> </requestedPrivileges> </security> </trustInfo> </assembly>

Name

Language

Sublanguage

Offset

Size

Data

RT_VERSION

LANG_ENGLISH

SUBLANG_ENGLISH_US

0xf30a0

888

RT_MANIFEST

LANG_ENGLISH

SUBLANG_ENGLISH_US

0xf3418

381

Meta infos 9

LegalCopyright:	\xa9 Microsoft Corporation. All rights reserved.
InternalName:	Print
FileVersion:	10.0.19041.3636 (WinBuild.160101.0800)
CompanyName:	Microsoft Corporation
ProductVersion:	10.0.19041.3636
FileDescription:	Print Utility
Translation:	0x0409 0x04b0
OriginalFilename:	Print.Exe
ProductName:	Microsoft\xae Windows\xae Operating System

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 7

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
OutputDebugStringW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
Hmscoree.dll
KERNEL32.dll

Import functions

KERNEL32.dll 89

Function	Address	Souspicious	Anti Debug
WaitForSingleObject	0x489000
CloseHandle	0x489004
CreateThread	0x489008
MultiByteToWideChar	0x48900c
FormatMessageA	0x489010
GetStringTypeW	0x489014
WideCharToMultiByte	0x489018
EnterCriticalSection	0x48901c
LeaveCriticalSection	0x489020
InitializeCriticalSectionEx	0x489024
DeleteCriticalSection	0x489028
EncodePointer	0x48902c
DecodePointer	0x489030
LocalFree	0x489034
GetLocaleInfoEx	0x489038
LCMapStringEx	0x48903c
CompareStringEx	0x489040
GetCPInfo	0x489044
IsProcessorFeaturePresent	0x489048
UnhandledExceptionFilter	0x48904c
SetUnhandledExceptionFilter	0x489050
GetCurrentProcess	0x489054
TerminateProcess	0x489058
QueryPerformanceCounter	0x48905c
GetCurrentProcessId	0x489060
GetCurrentThreadId	0x489064
GetSystemTimeAsFileTime	0x489068
InitializeSListHead	0x48906c
IsDebuggerPresent	0x489070
GetStartupInfoW	0x489074
GetModuleHandleW	0x489078
CreateFileW	0x48907c
RaiseException	0x489080
RtlUnwind	0x489084
InterlockedPushEntrySList	0x489088
InterlockedFlushSList	0x48908c
GetLastError	0x489090
SetLastError	0x489094
InitializeCriticalSectionAndSpinCount	0x489098
TlsAlloc	0x48909c
TlsGetValue	0x4890a0
TlsSetValue	0x4890a4
TlsFree	0x4890a8
FreeLibrary	0x4890ac
GetProcAddress	0x4890b0
LoadLibraryExW	0x4890b4
GetStdHandle	0x4890b8
WriteFile	0x4890bc
GetModuleFileNameW	0x4890c0
ExitProcess	0x4890c4
GetModuleHandleExW	0x4890c8
HeapAlloc	0x4890cc
HeapFree	0x4890d0
GetDateFormatW	0x4890d4
GetTimeFormatW	0x4890d8
CompareStringW	0x4890dc
LCMapStringW	0x4890e0
GetLocaleInfoW	0x4890e4
IsValidLocale	0x4890e8
GetUserDefaultLCID	0x4890ec
EnumSystemLocalesW	0x4890f0
GetFileType	0x4890f4
GetCurrentThread	0x4890f8
FlushFileBuffers	0x4890fc
GetConsoleOutputCP	0x489100
GetConsoleMode	0x489104
ReadFile	0x489108
GetFileSizeEx	0x48910c
SetFilePointerEx	0x489110
ReadConsoleW	0x489114
SetConsoleCtrlHandler	0x489118
HeapReAlloc	0x48911c
GetTimeZoneInformation	0x489120
OutputDebugStringW	0x489124
FindClose	0x489128
FindFirstFileExW	0x48912c
FindNextFileW	0x489130
IsValidCodePage	0x489134
GetACP	0x489138
GetOEMCP	0x48913c
GetCommandLineA	0x489140
GetCommandLineW	0x489144
GetEnvironmentStringsW	0x489148
FreeEnvironmentStringsW	0x48914c
SetEnvironmentVariableW	0x489150
SetStdHandle	0x489154
GetProcessHeap	0x489158
HeapSize	0x48915c
WriteConsoleW	0x489160

Name	Latest seen	MD5
7f3c2473d1e6.exe	2024-10-13 06:20:02	21b00885507b17bb51792cbac9cd7d01
54f0fa329a53.exe	2024-10-15 12:57:02	7de1a4a7d819cc98fccdea05f9326c1a