conti_locker pass- infected[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

conti_locker pass- infected.zip
Size

2.1MB
MD5

d8e293b1540d1bcc56e628fb2fb199f6
SHA1

bd929f3b60e564cb822fb77582ab1bd8f7c9a3c1
SHA256

eb369cbda72d68af8f24f11e822fb022aa574776247e42b3fe76bc6a55c2ae56
SHA512

16e2541a64bf22cc86fec8162a12b1d22a256facef07bd951ba2d02c2dd7781ccd01106fdfd712aad5e7e74b534236ca348d3e0f500145fd29926105508dcf91
SSDEEP

49152:eQ9JU5xAEY6+F2VYYssxV0MN+FRiU13wkJB:zQ5+1FD2xV0MN+Dig

Score

N/A

Malware Config

Signatures

Files

conti_locker pass- infected.zip
.zip

Password: infected
conti_locker.7z
.7z

Password: infected
ContiLocker_v2.sln
Debug/decryptor.exe
.exe windows x86

Password: infected

a845ea740e5ebf0f3c996c54425cbc1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEndOfFile
SetFilePointerEx
WriteFile
CloseHandle
GetLastError
lstrcpynW
MoveFileW
WaitForSingleObject
CreateThread
GetNativeSystemInfo
HeapAlloc
HeapFree
GetProcessHeap
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CancelIo
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReadFile
Sleep
ExitThread
CreateTimerQueue
CreateTimerQueueTimer
GlobalAlloc
GlobalFree
lstrcpyW
lstrcatW
DeleteTimerQueue
FindClose
FindFirstFileW
FindNextFileW
lstrcmpW
WaitForMultipleObjects
VirtualAlloc
FreeLibrary
GetFileSizeEx
CreateFileW
lstrlenA
lstrlenW
VirtualQuery
GetModuleHandleW
GetStartupInfoW
InitializeSListHead
DeleteCriticalSection
GetLogicalDriveStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
WideCharToMultiByte
MultiByteToWideChar
RaiseException
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
GetProcAddress

advapi32

CryptAcquireContextA
CryptImportKey
CryptDecrypt

msvcp140d

??0_Lockit@std@@QAE@H@Z
?_Xlength_error@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ

iphlpapi

GetIpNetTable

netapi32

NetShareEnum
NetApiBufferFree

shlwapi

StrStrIW
StrStrIA

ws2_32

WSASocketW
WSAIoctl
socket
WSACleanup
WSAStartup
gethostname
WSAGetLastError
WSAAddressToStringW
bind
closesocket
getsockopt
htons
inet_ntoa
setsockopt
shutdown
gethostbyname

vcruntime140d

memset
memmove
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
memcmp
__std_type_info_destroy_list
__current_exception
__current_exception_context
_except_handler4_common
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
__std_exception_copy
memcpy

ucrtbased

__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
strcpy_s
strcat_s
__stdio_common_vsprintf_s
_free_dbg
_seh_filter_dll
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_controlfp_s
terminate
_wmakepath_s
_wsplitpath_s
wcscpy_s
_set_fmode
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
__setusermatherr
_set_app_type
_seh_filter_exe
_callnewh
_CrtDbgReportW
_CrtDbgReport
malloc
free
wcslen
_invalid_parameter
__p___argc

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 1024B - Virtual size: 893B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Debug/decryptor.ilk
Debug/decryptor.pdb
R3ADM3.txt
Release/R3ADM3.txt
Release/decryptor.exe
.exe windows x86

Password: infected

963760e7a288b19af9e13b315457bfbf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynW
SetEndOfFile
CreateFileW
GetLastError
CloseHandle
SetFilePointerEx
MoveFileW
WaitForSingleObject
GetNativeSystemInfo
CreateThread
HeapFree
HeapAlloc
GetProcessHeap
CancelIo
CreateTimerQueueTimer
EnterCriticalSection
DeleteTimerQueue
LeaveCriticalSection
WriteFile
GetQueuedCompletionStatus
ExitThread
PostQueuedCompletionStatus
Sleep
lstrcatW
GlobalAlloc
GlobalFree
DeleteCriticalSection
lstrcpyW
CreateIoCompletionPort
CreateTimerQueue
FindFirstFileW
FindNextFileW
FindClose
lstrcmpW
VirtualAlloc
WaitForMultipleObjects
GetFileSizeEx
ReadFile
GetLogicalDriveStringsW
InitializeCriticalSection
lstrlenW
WriteConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
SetStdHandle
LCMapStringW
CompareStringW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
EncodePointer
RaiseException
SetLastError
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetACP
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo

advapi32

CryptAcquireContextA
CryptImportKey
CryptDecrypt

iphlpapi

GetIpNetTable

netapi32

NetShareEnum
NetApiBufferFree

shlwapi

StrStrIA
StrStrIW

ws2_32

WSASocketW
WSAStartup
socket
WSAAddressToStringW
shutdown
gethostname
getsockopt
htons
setsockopt
WSAGetLastError
gethostbyname
WSAIoctl
closesocket
bind
inet_ntoa
WSACleanup

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Release/decryptor.iobj
Release/decryptor.ipdb
Release/decryptor.pdb
builder/builder.vcxproj
.xml
builder/builder.vcxproj.filters
builder/builder.vcxproj.user
decryptor/Debug/R3ADM3.txt
decryptor/Debug/chacha.obj
decryptor/Debug/decryptor.Build.CppClean.log
decryptor/Debug/decryptor.log
decryptor/Debug/decryptor.obj
decryptor/Debug/decryptor.tlog/CL.command.1.tlog
decryptor/Debug/decryptor.tlog/CL.read.1.tlog
decryptor/Debug/decryptor.tlog/CL.write.1.tlog
decryptor/Debug/decryptor.tlog/decryptor.lastbuildstate
decryptor/Debug/decryptor.tlog/link.command.1.tlog
decryptor/Debug/decryptor.tlog/link.read.1.tlog
decryptor/Debug/decryptor.tlog/link.write.1.tlog
decryptor/Debug/disks.obj
decryptor/Debug/global_parameters.obj
decryptor/Debug/main.obj
decryptor/Debug/memory.obj
decryptor/Debug/network_scanner.obj
decryptor/Debug/search.obj
decryptor/Debug/threadpool.obj
decryptor/Debug/vc142.idb
decryptor/Debug/vc142.pdb
decryptor/MetaRandom2.h
decryptor/MetaString.h
decryptor/R3ADM3.txt
decryptor/Release/R3ADM3.txt
decryptor/Release/chacha.obj
decryptor/Release/decryptor.Build.CppClean.log
decryptor/Release/decryptor.log
decryptor/Release/decryptor.obj
decryptor/Release/decryptor.tlog/CL.command.1.tlog
decryptor/Release/decryptor.tlog/CL.read.1.tlog
decryptor/Release/decryptor.tlog/CL.write.1.tlog
decryptor/Release/decryptor.tlog/decryptor.lastbuildstate
decryptor/Release/decryptor.tlog/link.command.1.tlog
decryptor/Release/decryptor.tlog/link.read.1.tlog
decryptor/Release/decryptor.tlog/link.write.1.tlog
decryptor/Release/disks.obj
decryptor/Release/global_parameters.obj
decryptor/Release/main.obj
decryptor/Release/memory.obj
decryptor/Release/network_scanner.obj
decryptor/Release/search.obj
decryptor/Release/threadpool.obj
decryptor/Release/vc140.pdb
decryptor/chacha20/CONTI.txt
decryptor/chacha20/R3ADM3.txt
decryptor/chacha20/chacha.c
decryptor/chacha20/chacha.h
decryptor/chacha20/ecrypt-config.h
decryptor/chacha20/ecrypt-machine.h
decryptor/chacha20/ecrypt-portable.h
decryptor/chacha20/ecrypt-sync.h
decryptor/common.h
decryptor/decryptor.cpp
decryptor/decryptor.h
decryptor/decryptor.vcxproj
.xml
decryptor/decryptor.vcxproj.filters
decryptor/decryptor.vcxproj.user
decryptor/disks.cpp
decryptor/filesystem.h
decryptor/global_parameters.cpp
decryptor/global_parameters.h
decryptor/main.cpp
decryptor/memory.cpp
decryptor/memory.h
decryptor/network_scanner.cpp
decryptor/network_scanner.h
decryptor/queue.h
decryptor/search.cpp
decryptor/threadpool.cpp
decryptor/threadpool.h
locker/Debug/R3ADM3.txt
locker/Debug/locker.Build.CppClean.log
locker/Debug/locker.log
locker/Debug/locker.tlog/CL.command.1.tlog
locker/Debug/locker.tlog/CL.read.1.tlog
locker/Debug/locker.tlog/CL.write.1.tlog
locker/Debug/locker.tlog/link.command.1.tlog
locker/Debug/locker.tlog/link.read.1.tlog
locker/Debug/locker.tlog/link.write.1.tlog
locker/Debug/locker.tlog/locker.lastbuildstate
locker/Debug/vc142.idb
locker/Debug/vc142.pdb
locker/GetApi.h
locker/MetaRandom2.h
locker/MetaString.h
locker/R3ADM3.txt
locker/Release/R3ADM3.txt
locker/Release/locker.Build.CppClean.log
locker/Release/locker.log
locker/Release/locker.tlog/CL.command.1.tlog
locker/Release/locker.tlog/CL.read.1.tlog
locker/Release/locker.tlog/CL.write.1.tlog
locker/Release/locker.tlog/link.command.1.tlog
locker/Release/locker.tlog/link.read.1.tlog
locker/Release/locker.tlog/link.write.1.tlog
locker/Release/locker.tlog/locker.lastbuildstate
locker/Release/vc140.pdb
locker/antihook/CONTI.txt
locker/antihook/antihooks.h
locker/api.h
locker/chacha20/CONTI.txt
locker/chacha20/R3ADM3.txt
locker/chacha20/chacha.c
locker/chacha20/chacha.h
locker/chacha20/ecrypt-config.h
locker/chacha20/ecrypt-machine.h
locker/chacha20/ecrypt-portable.h
locker/chacha20/ecrypt-sync.h
locker/common.h
locker/filesystem.h
locker/global_parameters.h
locker/hash.h
locker/locker.h
locker/locker.vcxproj
.xml
locker/locker.vcxproj.filters
locker/locker.vcxproj.user
locker/logs.h
locker/memory.h
locker/network_scanner.h
locker/ntdll.h
locker/process_killer.h
locker/queue.h
locker/threadpool.h

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

a845ea740e5ebf0f3c996c54425cbc1c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

msvcp140d

iphlpapi

netapi32

shlwapi

ws2_32

vcruntime140d

ucrtbased

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 118KB - Virtual size: 117KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 8KB - Virtual size: 9KB

.idata Size: 5KB - Virtual size: 5KB

.msvcjmc Size: 1024B - Virtual size: 893B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

Password: infected

963760e7a288b19af9e13b315457bfbf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

iphlpapi

netapi32

shlwapi

ws2_32

Sections

.text Size: 67KB - Virtual size: 67KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 8KB - Virtual size: 10KB

.gfids Size: 512B - Virtual size: 284B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 4KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 118KB - Virtual size: 117KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 9KB

.idata
Size: 5KB - Virtual size: 5KB

.msvcjmc
Size: 1024B - Virtual size: 893B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 8KB - Virtual size: 10KB

.gfids
Size: 512B - Virtual size: 284B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 4KB