6a0b06c5e33da79b98031285be0e87f8_lockbit_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6a0b06c5e33da79b98031285be0e87f8_lockbit_JC.exe
Size

150KB
MD5

6a0b06c5e33da79b98031285be0e87f8
SHA1

e5666ed6f65ecd491906d3a4fb4897e58248106c
SHA256

8e966f893d60f20339f74ca0fd715a0c1d2f38356b9d1fb9570def32b19bd4c9
SHA512

090468725a3751c7f8f4f76276753085a07e7dab50e016622c91066c388c45ea6b1f30efb64e70733d1cc16855947ce50b388c5bd492982a5f2d52a07c1fe231
SSDEEP

3072:mK/uS6EmF/s5KN+V/QBmPD83A3apYl7TZd08y1bQMq:mqi/+ABmPYpOe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a0b06c5e33da79b98031285be0e87f8_lockbit_JC.exe

Files

6a0b06c5e33da79b98031285be0e87f8_lockbit_JC.exe
.exe windows x64

5834ed4291bdeb928270428ebbaf7604

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetFilePointer
GetFileInformationByHandle
GetTempPathA
CreateFileA
DeleteFileA
FileTimeToLocalFileTime
WideCharToMultiByte
GetTempFileNameA
FileTimeToDosDateTime
HeapCreate
HeapAlloc
HeapDestroy
CreateDirectoryW
CompareFileTime
TerminateProcess
RemoveDirectoryW
SetEndOfFile
CreateFileW
ResumeThread
DeleteFileW
MoveFileExW
CreateProcessW
GetFileTime
GetExitCodeProcess
CopyFileW
GetFileAttributesW
LoadLibraryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetStartupInfoW
WaitForDebugEvent
InitializeProcThreadAttributeList
ContinueDebugEvent
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
TerminateThread
CreateThread
SetThreadPriority
VirtualFree
FreeLibrary
LocalAlloc
GetCurrentThreadId
OpenProcess
SetEvent
LocalFree
GetStringTypeW
ReadFile
GetOEMCP
GetACP
IsValidCodePage
FindClose
FindNextFileW
FindFirstFileW
GetTickCount
GetModuleHandleW
GetProcAddress
Sleep
CloseHandle
GetLastError
CreateEventW
WaitForSingleObject
SetLastError
GetModuleFileNameW
LCMapStringW
LeaveCriticalSection
EnterCriticalSection
HeapFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleExW
IsProcessorFeaturePresent
TlsSetValue
TlsGetValue
WriteFile
ExitProcess
GetCommandLineW
GetCPInfo
LoadLibraryExW
GetCurrentProcess
VirtualAlloc
MultiByteToWideChar

user32

SendMessageTimeoutW
GetShellWindow
GetThreadDesktop
CharPrevW
GetUserObjectInformationW
GetProcessWindowStation
GetWindowThreadProcessId

advapi32

RegCloseKey
QueryServiceStatusEx
RegSetKeyValueW
CreateWellKnownSid
RegFlushKey
RegEnumKeyExW
RegOpenKeyW
CreateProcessAsUserW
RegRenameKey
RegDeleteKeyW
RegCreateKeyW
RegEnumValueW
RegQueryInfoKeyW
CloseServiceHandle
OpenSCManagerW
RegCreateKeyExW
RegSetValueExW
StartServiceW
RegOpenKeyExW
RegDeleteValueW
OpenServiceW

shell32

SHGetKnownFolderPath
ShellExecuteExW
SHAssocEnumHandlersForProtocolByApplication
SHGetSpecialFolderPathW
SHCreateItemFromParsingName

ole32

CoCreateGuid
CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoGetObject
CLSIDFromString
CoTaskMemFree
StringFromCLSID
CoInitializeEx

oleaut32

SysStringLen
SysAllocString
SysFreeString
VariantInit

rpcrt4

RpcBindingSetAuthInfoExW
RpcRaiseException
RpcAsyncInitializeHandle
RpcAsyncCompleteCall
RpcBindingFree
NdrAsyncClientCall
UuidCreateNil
UuidCompare
NdrClientCall2
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcStringFreeW

ntdll

NtDeleteKey
RtlNtStatusToDosErrorNoTeb
NtFreeVirtualMemory
RtlInitializeSid
RtlDestroyHeap
RtlAllocateHeap
NtQuerySystemInformation
RtlSubAuthoritySid
RtlCreateBoundaryDescriptor
LdrGetDllHandle
NtQueryInformationProcess
RtlDeleteBoundaryDescriptor
NtOpenProcess
LdrFindResource_U
NtReadFile
NtQueryInformationToken
NtAllocateVirtualMemory
LdrEnumerateLoadedModules
RtlPrefixUnicodeString
NtDeleteValueKey
RtlLengthRequiredSid
RtlAcquirePebLock
RtlImageNtHeader
RtlGetVersion
RtlPushFrame
NtFsControlFile
NtDeleteFile
NtCreatePrivateNamespace
NtQueryInformationFile
DbgUiSetThreadDebugObject
RtlFreeHeap
RtlRaiseStatus
RtlSetHeapInformation
RtlCreateHeap
LdrFindEntryForAddress
RtlAddSIDToBoundaryDescriptor
RtlReleasePebLock
RtlExpandEnvironmentStrings_U
NtQueryValueKey
LdrAccessResource
RtlUnwindEx
NtCreateKey
NtMapViewOfSection
NtUnmapViewOfSection
NtCreateEvent
NtClose
RtlInitUnicodeString
RtlRandomEx
RtlEqualUnicodeString
RtlPopFrame
NtNotifyChangeDirectoryFile
RtlGetFrame
NtWaitForSingleObject
NtCreateFile
NtSetEvent
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
NtTerminateProcess
NtCreateSection
RtlComputeCrc32
RtlQueryElevationFlags
LdrGetDllHandleEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtCompressKey
RtlExitUserProcess
RtlImageDirectoryEntryToData
RtlFreeSid
NtDuplicateObject
RtlLengthSid
RtlAllocateAndInitializeSid
NtSetInformationToken
NtRemoveProcessDebug
NtDuplicateToken
NtSetValueKey
RtlFormatCurrentUserKeyPath
NtOpenKey
NtOpenProcessToken
RtlAppendUnicodeToString
NtDeletePrivateNamespace
RtlAppendUnicodeStringToString
RtlGetCurrentPeb

comctl32

ord17

cabinet

ord13
ord14
ord11
ord10

msdelta

ApplyDeltaB
DeltaFree

bcrypt

BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptDecrypt
BCryptGetProperty
BCryptDestroyKey
BCryptGenerateSymmetricKey

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5834ed4291bdeb928270428ebbaf7604

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

rpcrt4

ntdll

comctl32

cabinet

msdelta

bcrypt

Sections

.text Size: 74KB - Virtual size: 73KB

.rdata Size: 51KB - Virtual size: 51KB

.data Size: 6KB - Virtual size: 8KB

.pdata Size: 3KB - Virtual size: 2KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 74KB - Virtual size: 73KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 6KB - Virtual size: 8KB

.pdata
Size: 3KB - Virtual size: 2KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 2KB - Virtual size: 1KB