lobshot | 09843899[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

09843899.exe
Size

52KB
MD5

bb6041b17e9d6c61d1ef7dd20cfecf91
SHA1

2d5f05567b87069387119e89d7bf55d91aab8a5e
SHA256

e4ae8588f62682be84eb88b833c16400aa233a3dfb3d917e0ead080d41486592
SHA512

4cd4b1b32d69af3a704471a881112dddf2e01beacc0d17f86714326dbad155b88c3155ecea25230f1db6c4cccba904649ed262c376cfe46b70a13e58c5ec002e
SSDEEP

1536:ZQQA1O7KzmmY6V+QHMEnFJoAAt4txp4Sr:264XHMEnFGttSxp4w

Score

10^/10

lobshot

Malware Config

Signatures

Detects Lobshot family 1 IoCs

resource	yara_rule
static1/unpack001/ae221670729038f92398b7fe4e08928ea6ebc0c1d006c63c8a3bac2e30770c2b	family_lobshot

Lobshot family
lobshot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ae221670729038f92398b7fe4e08928ea6ebc0c1d006c63c8a3bac2e30770c2b

Files

09843899.exe
.zip

Password: infected
ae221670729038f92398b7fe4e08928ea6ebc0c1d006c63c8a3bac2e30770c2b
.exe windows x86

ecaf0cd424d956a22ecbd7780629e688

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileSectionNamesW
ResumeThread
GetPrivateProfileStringW
Sleep
lstrcpyA
MoveFileExW
GetCurrentProcessId
CreateProcessA
TerminateJobObject
lstrcmpiW
GetTickCount
GetCommandLineW
GetCurrentProcess
TerminateProcess
lstrcmpA
SetFileAttributesW
ExitProcess
lstrcmpW
SetErrorMode
ExitThread
SetUnhandledExceptionFilter
FindFirstFileW
FindNextFileW
ExpandEnvironmentStringsW
FindClose
TerminateThread
GetWindowsDirectoryW
CreateJobObjectW
GetVersionExW
WaitForMultipleObjects
EnterCriticalSection
lstrcpynW
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameW
GetEnvironmentVariableA
UnmapViewOfFile
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CreateFileMappingA
SetEnvironmentVariableA
GetEnvironmentVariableW
GetCurrentThreadId
ProcessIdToSessionId
GetTickCount64
WTSGetActiveConsoleSessionId
AssignProcessToJobObject
GetPrivateProfileIntW
WritePrivateProfileStringW
CreateDirectoryW
lstrcmpiA
GlobalUnlock
GetTempFileNameW
lstrcpyW
CopyFileW
CreateProcessW
GetFileSize
LocalFree
GlobalLock
GetProcAddress
CreateThread
CloseHandle
DeleteFileW
GlobalAlloc
lstrcatW
LoadLibraryA
GetLastError
FormatMessageW
GetModuleHandleA
lstrcatA
GetFileAttributesW
CreateFileW
LocalAlloc
WaitForSingleObject
lstrlenA
SetFilePointer
VirtualAlloc
WriteFile
lstrlenW
VirtualFree
MoveFileW
ReadFile

user32

GetUserObjectInformationW
GetThreadDesktop
MonitorFromWindow
ToAscii
SetForegroundWindow
PtInRect
OpenDesktopW
MenuItemFromPoint
HiliteMenuItem
ActivateKeyboardLayout
PrintWindow
BringWindowToTop
GetTopWindow
CreateDesktopW
SetWindowLongA
VkKeyScanExA
GetKeyboardState
GetMenuItemCount
SetActiveWindow
SetWindowPos
GetDC
GetMenu
GetWindow
IsClipboardFormatAvailable
GetDesktopWindow
GetProcessWindowStation
GetKeyboardLayoutList
PostMessageW
GetWindowRect
SendMessageTimeoutW
SendMessageTimeoutA
ScreenToClient
WindowFromPoint
GetWindowPlacement
IsWindow
CloseDesktop
GetKeyboardLayout
MoveWindow
SetFocus
LoadKeyboardLayoutA
SystemParametersInfoA
GetParent
IsWindowVisible
SetThreadDesktop
GetWindowLongA
GetWindowTextW
OemToCharA
GetClassNameW
CharLowerA
GetWindowThreadProcessId
FindWindowExW
PostMessageA
wsprintfA
FindWindowW
OpenClipboard
wvsprintfW
CloseClipboard
EmptyClipboard
wvsprintfA
GetClipboardData
SetClipboardData
EnumDesktopWindows

gdi32

DeleteDC
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
CreateDCA
CreatePen
Rectangle
DeleteObject
CreateSolidBrush
GetDeviceCaps
GetDIBits

advapi32

RegSetValueA
GetSidSubAuthorityCount
GetSidSubAuthority
RegQueryValueExW
RegDeleteValueA
RegDeleteValueW
RegOpenKeyExW
RegOpenKeyExA
RegSetValueExA
RegSetValueExW
RegQueryValueExA
RegCloseKey
RegQueryValueA
RegEnumKeyA
GetTokenInformation
OpenProcessToken

shell32

ShellExecuteW
SHGetFolderPathW

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

ecaf0cd424d956a22ecbd7780629e688

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 5KB - Virtual size: 25KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 5KB - Virtual size: 25KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB