2023-02-09_60c415f1a2074f925b165c89f83bc6e3_lockbit[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

2023-02-09_60c415f1a2074f925b165c89f83bc6e3_lockbit.exe
Size

190KB
MD5

60c415f1a2074f925b165c89f83bc6e3
SHA1

50bb2e80ed492a188dbdbd59df36ad51eb33cab6
SHA256

83ff194b9c5f6578343114e644a07da49ee29f291570eb7315299cbd4d618403
SHA512

6e4ac7ad3119b82d4ca3e1b05f102859bd51ad40d87b8467987f7ca313f878317237e528d4f6b634cfda449bea2b39b18190fac6d6fd04285a84f6042a9f5811
SSDEEP

3072:b6FeVYPk00Gz+Wc2xlm+I1Ywwv0z0e1cHO+SnfUepYl7Txe1/UPJu2MA:bg+k7c2ohwcz/1cHONpO1AA

Score

1^/10

Malware Config

Signatures

Files

2023-02-09_60c415f1a2074f925b165c89f83bc6e3_lockbit.exe
.exe windows x64

5e3b4d8c96aa634f8a6d6adf6270d0eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetFilePointer
GetFileInformationByHandle
GetTempPathA
CreateFileA
DeleteFileA
FileTimeToLocalFileTime
WideCharToMultiByte
GetTempFileNameA
FileTimeToDosDateTime
HeapCreate
HeapAlloc
HeapDestroy
CreateDirectoryW
CompareFileTime
TerminateProcess
RemoveDirectoryW
SetEndOfFile
CreateFileW
ResumeThread
DeleteFileW
MoveFileExW
CreateProcessW
GetFileTime
GetExitCodeProcess
CopyFileW
GetFileAttributesW
LoadLibraryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetStartupInfoW
WaitForDebugEvent
InitializeProcThreadAttributeList
ContinueDebugEvent
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
TerminateThread
CreateThread
SetThreadPriority
VirtualFree
GetCurrentProcess
LocalAlloc
GetCurrentThreadId
OpenProcess
SetEvent
LocalFree
GetConsoleMode
GetConsoleOutputCP
FreeLibrary
SetStdHandle
SetFilePointerEx
FindClose
FindNextFileW
FindFirstFileW
ReadFile
GetTickCount
GetModuleHandleW
GetProcAddress
WriteConsoleW
Sleep
CloseHandle
GetLastError
CreateEventW
WaitForSingleObject
SetLastError
GetModuleFileNameW
RaiseException
EncodePointer
MultiByteToWideChar
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LCMapStringW
FlsSetValue
FlsGetValue
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleExW
IsProcessorFeaturePresent
TlsSetValue
TlsGetValue
InitializeCriticalSectionAndSpinCount
WriteFile
ExitProcess
GetCommandLineW
LoadLibraryExW
FlushFileBuffers
VirtualAlloc

user32

GetProcessWindowStation
GetWindowThreadProcessId
SendMessageTimeoutW
GetShellWindow
GetThreadDesktop
CharPrevW
GetUserObjectInformationW

advapi32

RegCloseKey
QueryServiceStatusEx
RegSetKeyValueW
CreateWellKnownSid
RegFlushKey
RegEnumKeyExW
RegOpenKeyW
CreateProcessAsUserW
RegRenameKey
RegDeleteKeyW
RegCreateKeyW
RegEnumValueW
RegQueryInfoKeyW
CloseServiceHandle
OpenSCManagerW
RegCreateKeyExW
RegSetValueExW
StartServiceW
RegOpenKeyExW
RegDeleteValueW
OpenServiceW

shell32

SHAssocEnumHandlersForProtocolByApplication
SHGetKnownFolderPath
SHGetSpecialFolderPathW
ShellExecuteExW
SHCreateItemFromParsingName

ole32

CoCreateGuid
CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoGetObject
CLSIDFromString
CoTaskMemFree
StringFromCLSID
CoInitializeEx

oleaut32

VariantInit
SysFreeString
SysAllocString
SysStringLen

rpcrt4

RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
RpcRaiseException
RpcAsyncInitializeHandle
RpcAsyncCompleteCall
RpcBindingFree
NdrAsyncClientCall
UuidCreateNil
UuidCompare
NdrClientCall2
RpcBindingFromStringBindingW

ntdll

LdrEnumerateLoadedModules
RtlPrefixUnicodeString
NtDeleteValueKey
RtlLengthRequiredSid
RtlAcquirePebLock
RtlImageNtHeader
RtlGetVersion
NtFsControlFile
RtlGetCurrentPeb
NtCreatePrivateNamespace
NtQueryInformationFile
NtDeletePrivateNamespace
RtlFreeHeap
RtlRaiseStatus
RtlSetHeapInformation
NtAllocateVirtualMemory
LdrFindEntryForAddress
RtlAddSIDToBoundaryDescriptor
RtlReleasePebLock
RtlExpandEnvironmentStrings_U
RtlGetFrame
LdrAccessResource
RtlUnwindEx
NtNotifyChangeDirectoryFile
NtMapViewOfSection
NtUnmapViewOfSection
NtCreateEvent
NtClose
RtlInitUnicodeString
RtlRandomEx
NtCreateSection
NtReadFile
RtlPopFrame
RtlCreateHeap
LdrFindResource_U
NtOpenProcess
RtlDeleteBoundaryDescriptor
NtQueryInformationProcess
LdrGetDllHandle
RtlCreateBoundaryDescriptor
RtlSubAuthoritySid
RtlComputeCrc32
RtlQueryElevationFlags
LdrGetDllHandleEx
NtCompressKey
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlPcToFileHeader
RtlExitUserProcess
RtlImageDirectoryEntryToData
NtWaitForSingleObject
NtCreateFile
NtSetEvent
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
NtTerminateProcess
DbgUiSetThreadDebugObject
RtlFreeSid
NtDuplicateObject
RtlLengthSid
RtlAllocateAndInitializeSid
NtSetInformationToken
NtRemoveProcessDebug
NtDuplicateToken
NtOpenProcessToken
NtSetValueKey
NtCreateKey
RtlFormatCurrentUserKeyPath
NtQuerySystemInformation
RtlAllocateHeap
RtlDestroyHeap
RtlInitializeSid
NtFreeVirtualMemory
RtlNtStatusToDosErrorNoTeb
NtDeleteKey
RtlPushFrame
NtOpenKey
RtlAppendUnicodeToString
NtQueryInformationToken
RtlAppendUnicodeStringToString
NtQueryValueKey
NtDeleteFile
RtlEqualUnicodeString

comctl32

ord17

cabinet

ord13
ord14
ord11
ord10

msdelta

ApplyDeltaB
DeltaFree

bcrypt

BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptDecrypt
BCryptGetProperty
BCryptDestroyKey

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e3b4d8c96aa634f8a6d6adf6270d0eb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

rpcrt4

ntdll

comctl32

cabinet

msdelta

bcrypt

Sections

.text Size: 98KB - Virtual size: 97KB

.rdata Size: 65KB - Virtual size: 64KB

.data Size: 6KB - Virtual size: 10KB

.pdata Size: 4KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 98KB - Virtual size: 97KB

.rdata
Size: 65KB - Virtual size: 64KB

.data
Size: 6KB - Virtual size: 10KB

.pdata
Size: 4KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 2KB - Virtual size: 1KB