LockAppHost[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

LockAppHost.exe
Size

88KB
MD5

723f92b86d765361a754b7f2c2928ea1
SHA1

08e7ab27a5b4c4aa6a04d40767f8151ef4ee7341
SHA256

12d9f634a3fe67f93c52497b09582a244affa24ffe10a34e6a0d6d4c5381cd66
SHA512

b97ebd20d3e3cb08ee5ceb85019c70619912a5dc03fa4da94a5bb68294185042bf5969116a52284a297989fe174a3bc679c63c802c45c631b89329ce5d6c4f0e
SSDEEP

1536:jtWfSdl+sjsPV5WzB7eTEpDJWUBtRMx/gW0kbJST663+eOAZ6Z6WqwkL/dOfAPd:IfSdl9jgCzB7ZW2+aW0Y4663+eOC6Z63

Score

1^/10

Malware Config

Signatures

Files

LockAppHost.exe
.exe windows x64

992be79ae17ed3220c3e4b4d1b7e29b5

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:30

Not After

03-03-2021 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:c9:e0:29:f1:7c:30:ef:9c:79:6c:ff:99:42:25:cb:a1:99:60:f8:eb:80:69:cd:44:9b:4f:5a:e0:a8:8e:8c
Signer

Actual PE Digest

b9:c9:e0:29:f1:7c:30:ef:9c:79:6c:ff:99:42:25:cb:a1:99:60:f8:eb:80:69:cd:44:9b:4f:5a:e0:a8:8e:8c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

GetMessageA
DispatchMessageA
PostThreadMessageA
TranslateMessage

msvcrt

_vsnwprintf
_exit
??1type_info@@UEAA@XZ
_onexit
exit
__wgetmainargs
__dllonexit
_unlock
_amsg_exit
_lock
memcpy
memcpy_s
memcmp
_XcptFilter
_cexit
?terminate@@YAXXZ
_commode
_fmode
memmove_s
_wcmdln
_vsnprintf_s
__C_specific_handler
_CxxThrowException
_initterm
__setusermatherr
??3@YAXPEAX@Z
_purecall
memmove
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
__set_app_type
??_V@YAXPEAX@Z
__CxxFrameHandler3
malloc
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
memset

lockhostingframework

StartLockAppHostServer
ShutdownLockAppHostServer

api-ms-win-core-com-l1-1-0

CoRevokeClassObject
CoResumeClassObjects
CoRegisterClassObject
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoReleaseServerProcess
CoAddRefServerProcess
CoInitializeEx

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
GetProcAddress
GetModuleHandleExW

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableSRW
Sleep

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
OpenSemaphoreW
InitializeCriticalSectionEx
CreateSemaphoreExW
LeaveCriticalSection
ReleaseSRWLockShared
EnterCriticalSection
AcquireSRWLockExclusive
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSemaphore
DeleteCriticalSection
WaitForSingleObject
CreateMutexExW
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsDeleteString

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventWriteTransfer
EventRegister

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-core-winrt-l1-1-0

RoRevokeActivationFactories
RoRegisterActivationFactories

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

imm32

ImmDisableIME

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

992be79ae17ed3220c3e4b4d1b7e29b5

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

b9:c9:e0:29:f1:7c:30:ef:9c:79:6c:ff:99:42:25:cb:a1:99:60:f8:eb:80:69:cd:44:9b:4f:5a:e0:a8:8e:8cSigner

Headers

DLL Characteristics

File Characteristics

Imports

user32

msvcrt

lockhostingframework

api-ms-win-core-com-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

imm32

Sections

.text Size: 49KB - Virtual size: 49KB

.imrsiv Size: - Virtual size: 4B

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 512B - Virtual size: 3KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 1024B - Virtual size: 700B

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

b9:c9:e0:29:f1:7c:30:ef:9c:79:6c:ff:99:42:25:cb:a1:99:60:f8:eb:80:69:cd:44:9b:4f:5a:e0:a8:8e:8c
Signer

.text
Size: 49KB - Virtual size: 49KB

.imrsiv
Size: - Virtual size: 4B

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 1024B - Virtual size: 700B