lockfile | 530d370e373840e00d647ed093f288d7 | Triage

Sharing

General

Target

530d370e373840e00d647ed093f288d7
Size

811KB
MD5

530d370e373840e00d647ed093f288d7
SHA1

891a0a81578447a00e87233caa868a02088dfc96
SHA256

075c9f1b94d9379b0fe799f2aee76605941cc7d0871e4f16c736b96b4a87b8dd
SHA512

384c562ccd9596c11e4bd528d456159dc1cdd6903860d6299d01cc07dd373886585aaf529757abb45d9b2a9f5f852bd7f29c26bc41f82a9f28b3d8f2c31999f1
SSDEEP

12288:CwTjz4QwaGdWYgeWYg955/155/ybxq1yg4bP0Xrh57rXoMkZGsh:CwHcQwBPxq1KbSh57rXhkMsh

Score

10^/10

lockfile

Malware Config

Signatures

Detect LockFile payload 1 IoCs

resource	yara_rule
sample	family_lockfile

Lockfile family
lockfile

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
530d370e373840e00d647ed093f288d7

Files

530d370e373840e00d647ed093f288d7
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 391KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 245KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ