Behavioral task: behavioral1
Sample: ae221670729038f92398b7fe4e08928ea6ebc0c1d006c63c8a3bac2e30770c2b.exe
Resource: win10v2004-20240226-en

Behavioral task: behavioral2
Sample: ae221670729038f92398b7fe4e08928ea6ebc0c1d006c63c8a3bac2e30770c2b.exe
Resource: win11-20240221-en
General
Target: ae221670729038f92398b7fe4e08928ea6ebc0c1d006c63c8a3bac2e30770c2b
Size: 94KB
MD5: 93fd11cf69ac4f2b596f4e51a561b7b0
SHA1: 077e1d02b17f023a13e64b43d9b19764705e3e8d
SHA256: ae221670729038f92398b7fe4e08928ea6ebc0c1d006c63c8a3bac2e30770c2b
SHA512: 4d870ba8af1617982c5f0e9cbd2da6fa5b0f109b8cd9ef2e6f7fcefacd4e44a13a018e2d1733798e59d2bbe62d337c121eef3408efb315252eed729dd1cb6372
SSDEEP: 1536:QNDrcwsIe38pzMX4Zm3QVd4lrYKIgInPv2Pvl/XNas2fRBW5nrJrc:QNDrpArCcQVd46bnPvuozrW5nrJo
Malware Config
Signatures
- Detects Lobshot family (1 IoC)
  resource: yara_rule sample, family_lobshot
- Lobshot family
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: ae221670729038f92398b7fe4e08928ea6ebc0c1d006c63c8a3bac2e30770c2b
Files
- ae221670729038f92398b7fe4e08928ea6ebc0c1d006c63c8a3bac2e30770c2b.exe (windows:6 windows x86 arch:x86)
  ecaf0cd424d956a22ecbd7780629e688
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetPrivateProfileSectionNamesW
ResumeThread
GetPrivateProfileStringW
Sleep
lstrcpyA
MoveFileExW
GetCurrentProcessId
CreateProcessA
TerminateJobObject
lstrcmpiW
GetTickCount
GetCommandLineW
GetCurrentProcess
TerminateProcess
lstrcmpA
SetFileAttributesW
ExitProcess
lstrcmpW
SetErrorMode
ExitThread
SetUnhandledExceptionFilter
FindFirstFileW
FindNextFileW
ExpandEnvironmentStringsW
FindClose
TerminateThread
GetWindowsDirectoryW
CreateJobObjectW
GetVersionExW
WaitForMultipleObjects
EnterCriticalSection
lstrcpynW
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameW
GetEnvironmentVariableA
UnmapViewOfFile
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CreateFileMappingA
SetEnvironmentVariableA
GetEnvironmentVariableW
GetCurrentThreadId
ProcessIdToSessionId
GetTickCount64
WTSGetActiveConsoleSessionId
AssignProcessToJobObject
GetPrivateProfileIntW
WritePrivateProfileStringW
CreateDirectoryW
lstrcmpiA
GlobalUnlock
GetTempFileNameW
lstrcpyW
CopyFileW
CreateProcessW
GetFileSize
LocalFree
GlobalLock
GetProcAddress
CreateThread
CloseHandle
DeleteFileW
GlobalAlloc
lstrcatW
LoadLibraryA
GetLastError
FormatMessageW
GetModuleHandleA
lstrcatA
GetFileAttributesW
CreateFileW
LocalAlloc
WaitForSingleObject
lstrlenA
SetFilePointer
VirtualAlloc
WriteFile
lstrlenW
VirtualFree
MoveFileW
ReadFile
user32
GetUserObjectInformationW
GetThreadDesktop
MonitorFromWindow
ToAscii
SetForegroundWindow
PtInRect
OpenDesktopW
MenuItemFromPoint
HiliteMenuItem
ActivateKeyboardLayout
PrintWindow
BringWindowToTop
GetTopWindow
CreateDesktopW
SetWindowLongA
VkKeyScanExA
GetKeyboardState
GetMenuItemCount
SetActiveWindow
SetWindowPos
GetDC
GetMenu
GetWindow
IsClipboardFormatAvailable
GetDesktopWindow
GetProcessWindowStation
GetKeyboardLayoutList
PostMessageW
GetWindowRect
SendMessageTimeoutW
SendMessageTimeoutA
ScreenToClient
WindowFromPoint
GetWindowPlacement
IsWindow
CloseDesktop
GetKeyboardLayout
MoveWindow
SetFocus
LoadKeyboardLayoutA
SystemParametersInfoA
GetParent
IsWindowVisible
SetThreadDesktop
GetWindowLongA
GetWindowTextW
OemToCharA
GetClassNameW
CharLowerA
GetWindowThreadProcessId
FindWindowExW
PostMessageA
wsprintfA
FindWindowW
OpenClipboard
wvsprintfW
CloseClipboard
EmptyClipboard
wvsprintfA
GetClipboardData
SetClipboardData
EnumDesktopWindows
gdi32
DeleteDC
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
CreateDCA
CreatePen
Rectangle
DeleteObject
CreateSolidBrush
GetDeviceCaps
GetDIBits
advapi32
RegSetValueA
GetSidSubAuthorityCount
GetSidSubAuthority
RegQueryValueExW
RegDeleteValueA
RegDeleteValueW
RegOpenKeyExW
RegOpenKeyExA
RegSetValueExA
RegSetValueExW
RegQueryValueExA
RegCloseKey
RegQueryValueA
RegEnumKeyA
GetTokenInformation
OpenProcessToken
shell32
ShellExecuteW
SHGetFolderPathW
Sections
.text Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ