30102023_2114_LCK[.]sct[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

30102023_2114_LCK.sct.dll
Size

3.4MB
MD5

5a749f61caec023b80e6402ba5d1df23
SHA1

6640ac5962e05768bed795f59355d57dac2b284a
SHA256

d1ce8046494ed2eea7d701e764ab39da8f89e964825a5c8df169024ee6df851d
SHA512

9497ee53c6468b97f349bf99f92e8aca1d36eb5f724340a508d0482b17c4cb54854745ee7676f086d737d64a3d1e3e3ac812fa3ae932489c4a5973affedc560a
SSDEEP

98304:41ts7WDzDbGYPRHgTeD0t1OBYLkOpw1n4:41cyzDb/PRHgTs1

Score

1^/10

Malware Config

Signatures

Files

30102023_2114_LCK.sct.dll
.dll windows:6 windows x86

Password: infected

68a13b1b52c362e557489a97a66e3fce

Code Sign

56:b6:29:cd:34:bc:78:f6
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

31/05/2017, 18:14

Not After

30/05/2042, 18:14

Subject

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:cd:8b:40:97:2c:99:a5:a5:de:11:49:3c:c8:26:a5
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

25/10/2023, 15:15

Not After

24/10/2024, 15:15

Subject

SERIALNUMBER=12867351,CN=FREEZE ME LTD,O=FREEZE ME LTD,L=Peterborough,C=GB,1.3.6.1.4.1.311.60.2.1.3=#13024742,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26/03/2019, 17:44

Not After

22/03/2034, 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/12/2022, 18:30

Not After

06/12/2032, 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

17:c3:7a:1b:86:be:17:d1:4f:25:50:50:02:f6:b9:c5:89:20:cd:6c:74:e2:a6:76:a6:e1:3c:4a:81:09:df:a4
Signer

Actual PE Digest

17:c3:7a:1b:86:be:17:d1:4f:25:50:50:02:f6:b9:c5:89:20:cd:6c:74:e2:a6:76:a6:e1:3c:4a:81:09:df:a4

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winhttp

WinHttpConnect
WinHttpReceiveResponse
WinHttpOpen
WinHttpReadData
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpSendRequest
WinHttpQueryDataAvailable

shlwapi

PathFileExistsW
PathFindFileNameW

kernel32

GetOEMCP
GetACP
FindFirstFileExW
FindClose
GetTimeZoneInformation
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
SizeofResource
GetLastError
LockResource
GlobalAlloc
GlobalFree
LoadResource
FindResourceW
GlobalLock
LocalAlloc
ExitThread
LoadLibraryA
GetProcAddress
ExitProcess
lstrcpyW
CreateDirectoryW
ReadFile
SetHandleInformation
GetModuleFileNameW
CreatePipe
GetCurrentThreadId
Sleep
CloseHandle
GetLocalTime
GetTimeFormatW
CreateProcessW
GetDateFormatW
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
GetCommandLineA
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
FindNextFileW
ReadConsoleW
HeapQueryInformation
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
SetConsoleCtrlHandler
WriteConsoleW
GetFileType
GetStdHandle
GetCurrentThread
FreeLibraryAndExitThread
ResumeThread
CreateThread
GetModuleHandleExW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
InterlockedFlushSList
InterlockedPushEntrySList
RaiseException
RtlUnwind
GetCPInfo
CompareStringEx
GetStringTypeW
LCMapStringEx
GetLocaleInfoEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
IsValidCodePage
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
SetEnvironmentVariableW
WaitForSingleObjectEx
VirtualQuery
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InitializeSListHead

user32

EnumChildWindows
CallNextHookEx
MoveWindow
UnhookWindowsHookEx
EnumWindows
SetWindowsHookExW
EnableMenuItem
SetForegroundWindow
SendInput
GetWindowTextW
MessageBoxW
LoadIconA
SetWindowTextW
ShowWindow
EnableWindow
CallWindowProcW
GetFocus
IsWindowVisible
GetDlgItemTextW
SendDlgItemMessageW
GetSysColor
SetFocus
GetDlgItem
UpdateWindow
InvalidateRect
GetWindowLongW
CreateDialogParamW
GetWindowRect
SetWindowPos
ScreenToClient
ClientToScreen
MessageBoxA
SetWindowLongW
GetClientRect
CreateDialogIndirectParamW
SendMessageW
SetActiveWindow
DestroyWindow
SetDlgItemTextW
GetKeyState

gdi32

SetTextColor
SetBkMode
CreateSolidBrush
CreateFontW

comdlg32

GetSaveFileNameW

Exports

Exports

Crash
beNotified
getFuncsArray
getName
isUnicode
messageProc
setInfo

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

68a13b1b52c362e557489a97a66e3fce

Code Sign

56:b6:29:cd:34:bc:78:f6Certificate

Key Usages

35:cd:8b:40:97:2c:99:a5:a5:de:11:49:3c:c8:26:a5Certificate

Extended Key Usages

Key Usages

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04Certificate

Extended Key Usages

Key Usages

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4bCertificate

Extended Key Usages

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

17:c3:7a:1b:86:be:17:d1:4f:25:50:50:02:f6:b9:c5:89:20:cd:6c:74:e2:a6:76:a6:e1:3c:4a:81:09:df:a4Signer

Headers

DLL Characteristics

File Characteristics

Imports

winhttp

shlwapi

kernel32

user32

gdi32

comdlg32

Exports

Exports

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 295KB - Virtual size: 294KB

.data Size: 33KB - Virtual size: 48KB

.rsrc Size: 37KB - Virtual size: 37KB

.reloc Size: 56KB - Virtual size: 56KB

56:b6:29:cd:34:bc:78:f6
Certificate

35:cd:8b:40:97:2c:99:a5:a5:de:11:49:3c:c8:26:a5
Certificate

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

17:c3:7a:1b:86:be:17:d1:4f:25:50:50:02:f6:b9:c5:89:20:cd:6c:74:e2:a6:76:a6:e1:3c:4a:81:09:df:a4
Signer

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 295KB - Virtual size: 294KB

.data
Size: 33KB - Virtual size: 48KB

.rsrc
Size: 37KB - Virtual size: 37KB

.reloc
Size: 56KB - Virtual size: 56KB