2023-08-25_475ee6c6f0d8f076d7310feb40216488_mbrlock_xiaoba_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-25_475ee6c6f0d8f076d7310feb40216488_mbrlock_xiaoba_JC.exe
Size

143KB
MD5

475ee6c6f0d8f076d7310feb40216488
SHA1

ce85875e383d6c0b8219a4dd68109f1aaccc5fd8
SHA256

831ab24d9006ad16af5c920f281ad595305b44feca7c8a4cf0ca41187addebce
SHA512

0b268fb354ba89f07d677611dae4b1d7157c799c0d2da30a8e6dd72db2bf6d4608a4e5b6194b3417540d5014c62d454de16c9cb5da5acab50aebef7c8de2b237
SSDEEP

3072:BTPhndUo2Nb5JSr6K5IVru+jcqqTScnCkIu49oc5:BTZndUn5K5ItuOc36Zu4a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2023-08-25_475ee6c6f0d8f076d7310feb40216488_mbrlock_xiaoba_JC.exe

Files

2023-08-25_475ee6c6f0d8f076d7310feb40216488_mbrlock_xiaoba_JC.exe
.exe windows:4 windows x86

ae0a5112fe1176f4e5f6e1bc95e4c209

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

FreeLibrary
lstrcatA
GetModuleFileNameA
ExitProcess
LoadLibraryA
GetProcAddress
lstrlenA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ