AppLocker[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

AppLocker.exe
Size

4.2MB
MD5

78cfc22e5a6ca9312804efab9584c778
SHA1

ae9fc07dd3e4199e4305b243a9151820d548d663
SHA256

55840749c2c42b8079c2890b9ffdcff91cb93c40b378b43320fb9e4a72321842
SHA512

e416fe121b113c55420eab8d46a4aed80c8836e583faad5d2ba6618a5f1f41e05fdf9a2110b3469974a98704cf491c0b0c39be47b037ceb2937c03e1a456b8db
SSDEEP

49152:6uZQgu3IqYYfFbHAlM53zBDeRh4f0vwLa9i/IF+Oj3gDXu1UgcSTtcG5TiktRIIs:S3UcAZcdAaykNiLd1GQIu9PbSXN

Score

N/A

Malware Config

Signatures

Files

AppLocker.exe
.exe windows x64

027baddaba43ba06a207143d5775721b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

libevent-2-1-7

evdns_add_server_port_with_base
evdns_base_clear_nameservers_and_suspend
evdns_base_config_windows_nameservers
evdns_base_count_nameservers
evdns_base_get_nameserver_addr
evdns_base_nameserver_ip_add
evdns_base_new
evdns_base_resolv_conf_parse
evdns_base_resolve_ipv4
evdns_base_resolve_ipv6
evdns_base_resolve_reverse
evdns_base_resolve_reverse_ipv6
evdns_base_resume
evdns_base_search_clear
evdns_base_set_option
evdns_close_server_port
evdns_server_request_add_a_reply
evdns_server_request_add_aaaa_reply
evdns_server_request_add_ptr_reply
evdns_server_request_get_requesting_addr
evdns_server_request_respond
evdns_set_log_fn
evdns_shutdown
event_active
event_add
event_base_free
event_base_get_method
event_base_loop
event_base_loopbreak
event_base_loopexit
event_base_new_with_config
event_config_free
event_config_new
event_config_set_flag
event_config_set_num_cpus_hint
event_del
event_free
event_get_version
event_new
event_pending
event_set_log_callback
event_set_mem_functions
evutil_secure_rng_add_bytes
evutil_secure_rng_get_bytes
evutil_secure_rng_init
evutil_secure_rng_set_urandom_device_file

libssp-0

__stack_chk_fail
__stack_chk_guard

advapi32

CryptAcquireContextA
CryptGenRandom

iphlpapi

GetAdaptersAddresses

kernel32

AcquireSRWLockExclusive
CloseHandle
CreateFileA
CreateFileMappingA
CreateNamedPipeA
CreateProcessA
DeleteCriticalSection
EnterCriticalSection
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeProcess
GetFileSize
GetLastError
GetModuleFileNameA
GetProcAddress
GetStartupInfoA
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
GlobalMemoryStatusEx
HeapSetInformation
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSRWLock
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LocalFree
MapViewOfFile
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFileEx
ReleaseSRWLockExclusive
SetConsoleCtrlHandler
SetHandleInformation
SetLastError
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
SleepEx
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
VirtualLock
VirtualProtect
VirtualQuery
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteFileEx

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_cexit
_chsize
_commode
_endthread
_environ
_errno
_fmode
_fstat64
_fullpath
_getpid
_getwch
_gmtime64
_initterm
_localtime64
_lock
_locking
_lseek
_lseeki64
_mktime64
_onexit
_putch
_snprintf
_stat64
_stricmp
_strnicmp
_time64
_unlock
_vsnprintf
abort
atoi
calloc
exit
fclose
feof
fgetc
fgets
fopen
fprintf
fputc
fputs
free
frexp
fwrite
islower
isspace
isupper
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
puts
qsort
realloc
rename
signal
strcat
strchr
strcmp
strcspn
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtol
strtoul
vfprintf
wcslen
_write
_utime
_unlink
_strdup
_read
_open
_mkdir
_getcwd
_fileno
_fdopen
_close

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation

shlwapi

PathMatchSpecA

ws2_32

WSACleanup
WSAGetLastError
WSAIoctl
WSASetLastError
WSAStartup
accept
bind
closesocket
connect
gethostbyname
gethostname
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohl
ntohs
recv
send
setsockopt
socket

libcrypto-1_1-x64

ASN1_TIME_print
BIO_ctrl
BIO_free
BIO_method_type
BIO_new
BIO_new_socket
BIO_next
BIO_number_read
BIO_number_written
BIO_s_mem
BN_bin2bn
BN_bn2bin
BN_bn2hex
BN_clear_free
BN_cmp
BN_copy
BN_dup
BN_free
BN_hex2bn
BN_is_word
BN_new
BN_num_bits
BN_set_word
BN_sub_word
BN_to_ASN1_INTEGER
CONF_modules_unload
CRYPTO_free
CRYPTO_get_ex_new_index
DH_compute_key
DH_free
DH_generate_key
DH_get0_key
DH_new
DH_set0_pqg
DH_set_length
DH_size
DH_up_ref
EC_GFp_mont_method
EC_GFp_nist_method
EC_GFp_simple_method
EC_GROUP_method_of
EC_KEY_free
EC_KEY_get0_group
EC_KEY_new_by_curve_name
ENGINE_by_id
ENGINE_ctrl_cmd_string
ENGINE_free
ENGINE_get_cipher_engine
ENGINE_get_default_DH
ENGINE_get_default_EC
ENGINE_get_default_RAND
ENGINE_get_default_RSA
ENGINE_get_digest_engine
ENGINE_get_id
ENGINE_get_name
ENGINE_load_builtin_engines
ENGINE_register_all_complete
ENGINE_set_default
ERR_func_error_string
ERR_get_error
ERR_lib_error_string
ERR_peek_error
ERR_reason_error_string
EVP_CIPHER_CTX_free
EVP_CIPHER_CTX_new
EVP_CIPHER_CTX_reset
EVP_EncryptInit
EVP_EncryptUpdate
EVP_PKEY_CTX_ctrl
EVP_PKEY_CTX_free
EVP_PKEY_CTX_new_id
EVP_PKEY_assign
EVP_PKEY_base_id
EVP_PKEY_bits
EVP_PKEY_cmp
EVP_PKEY_derive
EVP_PKEY_derive_init
EVP_PKEY_free
EVP_PKEY_get1_RSA
EVP_PKEY_new
EVP_aes_128_ctr
EVP_aes_192_ctr
EVP_aes_256_ctr
EVP_sha256
HMAC
OBJ_txt2nid
OPENSSL_sk_num
OPENSSL_sk_value
OpenSSL_version
OpenSSL_version_num
PKCS5_PBKDF2_HMAC_SHA1
RAND_OpenSSL
RAND_bytes
RAND_get_rand_method
RAND_poll
RAND_seed
RAND_set_rand_method
RAND_status
RSAPrivateKey_dup
RSAPublicKey_dup
RSA_bits
RSA_check_key
RSA_free
RSA_generate_key_ex
RSA_get0_d
RSA_get0_dmp1
RSA_get0_dmq1
RSA_get0_e
RSA_get0_factors
RSA_get0_iqmp
RSA_get0_key
RSA_get0_n
RSA_get0_p
RSA_get0_q
RSA_new
RSA_private_decrypt
RSA_private_encrypt
RSA_public_decrypt
RSA_public_encrypt
RSA_size
SHA1
SHA1_Final
SHA1_Init
SHA1_Update
SHA256
SHA256_Final
SHA256_Init
SHA256_Update
SHA512
SHA512_Final
SHA512_Init
SHA512_Update
X509_NAME_add_entry_by_NID
X509_NAME_free
X509_NAME_new
X509_STORE_add_cert
X509_cmp
X509_cmp_time
X509_dup
X509_free
X509_get0_notAfter
X509_get0_notBefore
X509_get_pubkey
X509_get_serialNumber
X509_getm_notAfter
X509_getm_notBefore
X509_new
X509_set_issuer_name
X509_set_pubkey
X509_set_subject_name
X509_set_version
X509_sign
X509_time_adj
X509_verify
d2i_RSAPrivateKey
d2i_RSAPublicKey
d2i_X509
i2d_RSAPrivateKey
i2d_RSAPublicKey
i2d_X509

libssl-1_1-x64

OPENSSL_init_ssl
SSL_CIPHER_find
SSL_CIPHER_get_id
SSL_CIPHER_get_name
SSL_CTX_check_private_key
SSL_CTX_ctrl
SSL_CTX_free
SSL_CTX_get_cert_store
SSL_CTX_new
SSL_CTX_set_options
SSL_CTX_set_security_level
SSL_CTX_set_verify
SSL_CTX_use_PrivateKey
SSL_CTX_use_certificate
SSL_SESSION_get_master_key
SSL_accept
SSL_connect
SSL_ctrl
SSL_export_keying_material
SSL_free
SSL_get_certificate
SSL_get_client_ciphers
SSL_get_client_random
SSL_get_current_cipher
SSL_get_error
SSL_get_ex_data
SSL_get_peer_cert_chain
SSL_get_peer_certificate
SSL_get_rbio
SSL_get_server_random
SSL_get_session
SSL_get_state
SSL_get_wbio
SSL_new
SSL_pending
SSL_read
SSL_set_bio
SSL_set_cipher_list
SSL_set_ex_data
SSL_set_info_callback
SSL_set_options
SSL_set_session_secret_cb
SSL_set_verify
SSL_state_string_long
SSL_version
SSL_write
TLS_method

zlib1

deflate
deflateEnd
deflateInit2_
inflate
inflateEnd
inflateInit2_
zlibVersion

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 669KB - Virtual size: 669KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

027baddaba43ba06a207143d5775721b

Headers

DLL Characteristics

File Characteristics

Imports

libevent-2-1-7

libssp-0

advapi32

iphlpapi

kernel32

msvcrt

shell32

shlwapi

ws2_32

libcrypto-1_1-x64

libssl-1_1-x64

zlib1

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.data Size: 53KB - Virtual size: 52KB

.rdata Size: 669KB - Virtual size: 669KB

.pdata Size: 96KB - Virtual size: 95KB

.xdata Size: 98KB - Virtual size: 98KB

.bss Size: - Virtual size: 25KB

.idata Size: 17KB - Virtual size: 17KB

.CRT Size: 512B - Virtual size: 96B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.data
Size: 53KB - Virtual size: 52KB

.rdata
Size: 669KB - Virtual size: 669KB

.pdata
Size: 96KB - Virtual size: 95KB

.xdata
Size: 98KB - Virtual size: 98KB

.bss
Size: - Virtual size: 25KB

.idata
Size: 17KB - Virtual size: 17KB

.CRT
Size: 512B - Virtual size: 96B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 6KB - Virtual size: 6KB