HEUR-Trojan-Ransom[.]Win32[.]Lockbit[.]vho-c72dad61e0cdc9a5f49290e9c07190fff2f501f3a08ac34a7a47db27fa5008e6[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

HEUR-Trojan-Ransom.Win32.Lockbit.vho-c72dad61e0cdc9a5f49290e9c07190fff2f501f3a08ac34a7a47db27fa5008e6.exe
Size

148KB
MD5

ff0c0bd5b0cdffa79138f1d81d59431a
SHA1

d69f5fb82eed253e71545f22cdb761b99bf7ece9
SHA256

c72dad61e0cdc9a5f49290e9c07190fff2f501f3a08ac34a7a47db27fa5008e6
SHA512

4b5d3621fb1819f1ab0da815e2d78f540c5a4a4281c41fdf4f49a3078c97b5667cdfbe5730e877620ca1c744c8b1aadb6fa33a2d58aa6fd0d437b9f4d577ae2f
SSDEEP

3072:ym0ROZIL87L1yoklfzGp3XjRaDyZYMqqD/kDlHlC:ypMCL8rpHjRa0qqD/UjC

Score

N/A

Malware Config

Signatures

Files

HEUR-Trojan-Ransom.Win32.Lockbit.vho-c72dad61e0cdc9a5f49290e9c07190fff2f501f3a08ac34a7a47db27fa5008e6.exe
.exe windows x86

168ea5b327edf5713a2bb8e19a928d13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetShareEnum
NetApiBufferFree

iphlpapi

GetAdaptersInfo

ws2_32

ioctlsocket
htons
connect
socket
inet_addr
WSAStartup
select
closesocket
__WSAFDIsSet
WSACleanup
WSAGetLastError

crypt32

CryptBinaryToStringA

gdiplus

GdipDeleteGraphics
GdipDeleteStringFormat
GdipDeleteFont
GdipGetImageGraphicsContext
GdiplusStartup
GdipCreateStringFormat
GdipSetStringFormatAlign
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipCloneBrush
GdipDrawString
GdipDeleteBrush
GdipAlloc
GdipDisposeImage
GdipCreateLineBrushFromRect
GdipSetStringFormatLineAlign
GdipCreateFont
GdipFree
GdipCreateBitmapFromScan0
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipGetImageEncoders
GdipFillRectangle
GdipCreateFontFamilyFromName

shlwapi

PathAddBackslashW
PathFindExtensionW
PathRemoveBackslashW
PathRemoveExtensionA
PathRemoveFileSpecW
StrFormatByteSize64A

mpr

WNetCloseEnum
WNetAddConnection2W
WNetOpenEnumW
WNetGetConnectionW
WNetEnumResourceW

ntdll

RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
NtSetInformationThread
NtAdjustPrivilegesToken
NtOpenProcessToken
NtQueryInformationToken
RtlGetAce
NtOpenProcess
RtlQueryInformationAcl
RtlAllocateAndInitializeSid
RtlAddAce
RtlLengthSid
NtClose
RtlAdjustPrivilege
RtlFreeSid
RtlAddAccessDeniedAce
NtSetInformationProcess
RtlCreateAcl
NtWaitForSingleObject
NtSetInformationFile
NtCreateIoCompletion
NtRemoveIoCompletion
NtQueryInformationFile
RtlInterlockedPushEntrySList
RtlInitializeSListHead
RtlInterlockedPopEntrySList
RtlInterlockedFlushSList
RtlInitUnicodeString
NtAllocateVirtualMemory
LdrEnumerateLoadedModules
RtlAcquirePebLock
RtlReleasePebLock

msvcrt

malloc
calloc
free

kernel32

SetProcessShutdownParameters
FindFirstFileExW
SetConsoleMode
WriteFile
GetWindowsDirectoryW
MoveFileW
SystemTimeToFileTime
SetFileTime
ReadFile
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
SetConsoleTitleA
SetConsoleTextAttribute
GetModuleHandleA
SetConsoleCtrlHandler
GetConsoleMode
GetLocalTime
SetVolumeMountPointW
FindFirstVolumeW
QueryDosDeviceW
CreateProcessA
lstrcmpiA
GetCurrentProcessId
MoveFileExW
Process32Next
CreateToolhelp32Snapshot
OpenProcess
GetSystemDefaultLangID
TerminateProcess
Process32First
LoadLibraryA
OpenMutexA
CreateMutexA
GetTempFileNameW
GetTempPathW
GetDriveTypeW
lstrcmpiW
ExitProcess
CreateThread
CloseHandle
DeleteFileW
GetDiskFreeSpaceExW
SetFileAttributesW
ExitThread
GetFileAttributesW
CreateFileW
FindClose
SetThreadUILanguage
WaitForMultipleObjects
FindNextFileW
GetProcAddress
GetLogicalDrives
AllocConsole
GetConsoleWindow

user32

GetSystemMenu
IsWindowVisible
DeleteMenu
GetMessageW
ShowWindow
GetWindowThreadProcessId
PeekMessageW
GetWindowLongA
wvsprintfA
RegisterHotKey
FlashWindow
SetLayeredWindowAttributes
EnableMenuItem
CharLowerBuffW
CharUpperA
MessageBoxA
wsprintfW
SystemParametersInfoW
GetSystemMetrics
wsprintfA
SetWindowLongA
GetShellWindow

advapi32

CloseServiceHandle
RegSetValueExA
RegOpenKeyA
RegCloseKey
CryptReleaseContext
InitializeSecurityDescriptor
RegQueryValueExA
OpenProcessToken
DuplicateToken
OpenThreadToken
GetTokenInformation
SetSecurityInfo
GetSecurityInfo
CheckTokenMembership
CreateWellKnownSid
EnumDependentServicesA
SetThreadToken
OpenSCManagerA
RegCreateKeyExA
ControlService
RegSetValueExW
RegDeleteValueW
QueryServiceStatusEx
RegQueryValueExW
OpenServiceA
SetFileSecurityW
CryptAcquireContextW
SetSecurityDescriptorOwner
CryptGenRandom
LookupPrivilegeValueA

shell32

SHEmptyRecycleBinW
ShellExecuteExA
ShellExecuteExW
CommandLineToArgvW

ole32

CoGetObject
CoUninitialize
CoInitializeEx

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

168ea5b327edf5713a2bb8e19a928d13

Headers

DLL Characteristics

File Characteristics

Imports

netapi32

iphlpapi

ws2_32

crypt32

gdiplus

shlwapi

mpr

ntdll

msvcrt

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 121KB - Virtual size: 121KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 512B - Virtual size: 8KB

.text
Size: 121KB - Virtual size: 121KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 8KB