Static task
static1
Behavioral task
behavioral1
Sample
unlocker.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
unlocker.exe
Resource
win10v2004-20230220-en
General
Target
unlocker.exe
Size
767KB
MD5
03a66228723e557cfe0d8ddefc45491b
SHA1
e0a43b12e35f4875fde7f02454db4feae82596de
SHA256
ea535db60fb8434f1bfd5ac37597988193a7840c60586a5b0eba8c937648fb0b
SHA512
e4c2c34c1efaae8a2c3027ee7666797eaf5fa8eae00c1a77994b9203cbd5f46acfdc77597867a8ad7b7f35a55e0fd077a5146bd478e1ab4f4e492e658180559e
SSDEEP
12288:fnj2LsTeeL2EhhCHWAwZCX16X++0YlZH6utpRC/0zuPmjx0Kbh1wtVm9Qi4mRT:fj2LorLOWAaU1fYTautZz7jx0M6mR
Malware Config
Signatures
Files
unlocker.exe.exe windows x86
a82665b271ec3f71aa749028e76d9c5f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
EnumResourceTypesW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess
vcruntime140
strstr
api-ms-win-crt-heap-l1-1-0
malloc
api-ms-win-crt-string-l1-1-0
strncmp
api-ms-win-crt-runtime-l1-1-0
strerror
api-ms-win-crt-convert-l1-1-0
strtoul
api-ms-win-crt-stdio-l1-1-0
getchar
api-ms-win-crt-math-l1-1-0
ldexp
api-ms-win-crt-time-l1-1-0
_gmtime64
api-ms-win-crt-filesystem-l1-1-0
rename
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-locale-l1-1-0
setlocale
user32
CharUpperBuffW
Exports
Sections
.text Size: - Virtual size: 314KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: - Virtual size: 80B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.MaCon0 Size: - Virtual size: 542KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MaCon1 Size: 765KB - Virtual size: 764KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 336B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 469B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ