General

Malware Config

Signatures

Files

• cf3b068448640298738c2a407427335a289832d0c0013fda10e0fceceb208cd9.sample

  .exe windows:6 windows x86 arch:x86

  5bf936bebe28f8480c668b86291f79fc

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  D:\Education\locker\bin\stub_win_x86_encrypter.pdb

  Imports

  crypt32

  CryptStringToBinaryW

  CryptBinaryToStringW

  shlwapi

  StrStrIW

  PathFindExtensionW

  PathIsUNCW

  rstrtmgr

  RmGetList

  RmStartSession

  RmRegisterResources

  RmEndSession

  RmShutdown

  mpr

  WNetGetConnectionW

  WNetAddConnection2W

  kernel32

  GetLogicalDrives

  FindFirstVolumeW

  SetVolumeMountPointW

  FindVolumeClose

  GetVolumePathNamesForVolumeNameW

  DeleteVolumeMountPointW

  FindNextVolumeW

  GetDriveTypeW

  ReadFile

  QueryThreadpoolStackInformation

  CloseThreadpool

  CreateThreadpool

  FindFirstFileExW

  FindNextFileW

  WriteFile

  FindClose

  CreateFileW

  SetThreadpoolThreadMinimum

  SetFileAttributesW

  CloseThreadpoolCleanupGroup

  CloseThreadpoolCleanupGroupMembers

  SetThreadpoolThreadMaximum

  CreateThreadpoolCleanupGroup

  SubmitThreadpoolWork

  GetConsoleWindow

  lstrcmpiW

  SetConsoleTitleW

  GetWindowsDirectoryW

  CreateThreadpoolWork

  SizeofResource

  GetCurrentProcess

  AssignProcessToJobObject

  InitializeProcThreadAttributeList

  CreatePipe

  PeekNamedPipe

  WaitForSingleObject

  OpenProcess

  MultiByteToWideChar

  UpdateProcThreadAttribute

  LockResource

  LoadResource

  FindResourceW

  CreateProcessW

  GetModuleHandleW

  WideCharToMultiByte

  GetEnvironmentStringsW

  GetCPInfo

  GetOEMCP

  GetACP

  IsValidCodePage

  SetFilePointerEx

  GetFileSizeEx

  GetFileAttributesExW

  GetExitCodeProcess

  CloseHandle

  GetLastError

  CreateJobObjectW

  SetInformationJobObject

  FreeEnvironmentStringsW

  SetEnvironmentVariableW

  GetProcessHeap

  SetStdHandle

  GetStringTypeW

  FlushFileBuffers

  GetConsoleOutputCP

  GetConsoleMode

  HeapSize

  HeapReAlloc

  DecodePointer

  QueryDosDeviceW

  MoveFileW

  LocalFree

  FormatMessageA

  GetLocaleInfoEx

  RaiseException

  WaitForSingleObjectEx

  Sleep

  GetCurrentThreadId

  GetExitCodeThread

  GetNativeSystemInfo

  IsProcessorFeaturePresent

  FreeLibraryWhenCallbackReturns

  CloseThreadpoolWork

  GetModuleHandleExW

  ReleaseSRWLockExclusive

  AcquireSRWLockExclusive

  WakeAllConditionVariable

  SleepConditionVariableSRW

  GetProcAddress

  InitializeConditionVariable

  WakeConditionVariable

  QueryPerformanceCounter

  QueryPerformanceFrequency

  InitOnceComplete

  InitOnceBeginInitialize

  ReleaseSRWLockShared

  AcquireSRWLockShared

  TryAcquireSRWLockExclusive

  InitializeSRWLock

  InitializeCriticalSectionEx

  GetSystemTimeAsFileTime

  EnterCriticalSection

  LeaveCriticalSection

  DeleteCriticalSection

  InitializeCriticalSectionAndSpinCount

  SetEvent

  ResetEvent

  CreateEventW

  IsDebuggerPresent

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetStartupInfoW

  GetCurrentProcessId

  InitializeSListHead

  TerminateProcess

  RtlUnwind

  SetLastError

  EncodePointer

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  FreeLibrary

  LoadLibraryExW

  CreateThread

  ExitThread

  FreeLibraryAndExitThread

  ExitProcess

  GetModuleFileNameW

  GetStdHandle

  GetCommandLineA

  GetCommandLineW

  HeapFree

  HeapAlloc

  GetFileType

  CompareStringW

  LCMapStringW

  WriteConsoleW

  user32

  GetAsyncKeyState

  RegisterWindowMessageW

  IsWindowVisible

  GetShellWindow

  ShowWindow

  GetWindowThreadProcessId

  advapi32

  CryptGenRandom

  RegSetValueExW

  OpenProcessToken

  GetTokenInformation

  CryptDestroyKey

  CryptGetKeyParam

  CryptAcquireContextW

  CryptEncrypt

  RegGetValueW

  CryptExportKey

  CryptImportKey

  CryptGenKey

  CryptReleaseContext

  RegCloseKey

  RegCreateKeyExW

  shell32

  SHEmptyRecycleBinW

  Sections

  .text

  Size: 243KB - Virtual size: 242KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 61KB - Virtual size: 60KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 9KB - Virtual size: 29KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 6KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 12KB - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ