armlock[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

armlock.exe
Size

266KB
MD5

e0c83baed9b924c7686b41164f834181
SHA1

43062591260845e745b82d3c761208b6d9e1c24d
SHA256

0090cd75ff10f595ba0a71e0e357c929f4d9f0b1615d47220b45eeb97a748165
SHA512

8336a48e3da0adf2e8055e81fc721c43a9074ee2b112a6eb1a88d06e7981c3cc8ad43ca7c2423bc50cc6a0c8c56c3ade6b4dd965a711a7cee858d2f41ebd47e3
SSDEEP

3072:+2FNBFDHgg1ccex8q0JJSbVPIxNx66b8aXqGSMaNaXVOUlIlPGUU1ZgjufGJFUlx:vFDHgg1bexPjhAj5F5aNuImItkfGU5V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
armlock.exe

Files

armlock.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ