2024-04-09_915ca63b44bad07b8a83003a1f0fc53c_mbrlock_xiaoba | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-09_915ca63b44bad07b8a83003a1f0fc53c_mbrlock_xiaoba
Size

207KB
MD5

915ca63b44bad07b8a83003a1f0fc53c
SHA1

9f04e2b87bb24b20d29b24c9eaed7945e9648c47
SHA256

7a236d0c032f415f85ffa89f29b7dcf7c814431172040dec2650f68d3cb02eb4
SHA512

a15e9afc68e541430aac846df4493e3fb7258b9572ae06e97a066e1a439e64c4ae3280ace493d5ce2bc44c4cd9a72a5febe9f870cf2f1c8357329750642f529e
SSDEEP

3072:lTPhndUo2Nb5JSr6K5IVru+jcqqTScnCkIAwYocmAQFXe2hNjmrq0:lTZndUn5K5ItuOc36ZAwTQousb0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-09_915ca63b44bad07b8a83003a1f0fc53c_mbrlock_xiaoba

Files

2024-04-09_915ca63b44bad07b8a83003a1f0fc53c_mbrlock_xiaoba
.exe windows:4 windows x86 arch:x86

ae0a5112fe1176f4e5f6e1bc95e4c209

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

FreeLibrary
lstrcatA
GetModuleFileNameA
ExitProcess
LoadLibraryA
GetProcAddress
lstrlenA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ