53ee5b09954ec8eaf19fe02c71d750b838b761c49f7dcf992cdafb8c6b5ac997

Sharing

Copy URL Twitter E-mail

General

Target

53ee5b09954ec8eaf19fe02c71d750b838b761c49f7dcf992cdafb8c6b5ac997
Size

29KB
MD5

f339227233213ab55111a4e02cc51c5d
SHA1

50de458aa98209fe662d2e0f335976b68797dc9b
SHA256

53ee5b09954ec8eaf19fe02c71d750b838b761c49f7dcf992cdafb8c6b5ac997
SHA512

0f12001e03d584e94597a2f4dde76f2ce1bcc198db0d9a824ff886b330dcdef8fc7cd83fb5b02435ee37a2bf9b877f84cadf930349e5be2e5960b243300a6fad
SSDEEP

768:mCmVLbvLdUUUqC5BERd3jqQ30wMKaR7ICOa0vQNPlqV:tmVrzC5uqQkwMKaCdvylq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
53ee5b09954ec8eaf19fe02c71d750b838b761c49f7dcf992cdafb8c6b5ac997

Files

53ee5b09954ec8eaf19fe02c71d750b838b761c49f7dcf992cdafb8c6b5ac997
.dll windows:4 windows x86 arch:x86

bb38541e7c6aac2346b3c39a4a342e7d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord823
ord825

msvcrt

_adjust_fdiv
malloc
_initterm
free
_iob
printf
strchr
memcmp
strlen
_vsnprintf
memcpy
srand
strcpy
rand
strcat
sscanf
_beginthreadex
wcstombs
strncpy
strstr
fclose
fwrite
fopen
_strlwr
__CxxFrameHandler
sprintf
memset
_purecall

kernel32

WriteFile
GetSystemDirectoryA
FlushFileBuffers
GlobalFree
SetFilePointer
FreeLibrary
DeleteFileA
PeekNamedPipe
ReadFile
WaitForMultipleObjects
CreatePipe
DisconnectNamedPipe
GlobalAlloc
CreateProcessA
GetFileSize
GetFileTime
SetFileTime
GetHandleInformation
TerminateProcess
EnterCriticalSection
GetCurrentProcessId
GetVersionExA
Sleep
FreeConsole
WaitForSingleObject
GetModuleFileNameA
ExitProcess
CloseHandle
DuplicateHandle
GetCurrentProcess
CreateFileA
OutputDebugStringA
OpenProcess
GetLocalTime
InitializeCriticalSection
GetProcAddress
LoadLibraryA
DeleteCriticalSection
GetTickCount
QueryPerformanceCounter
LeaveCriticalSection
GetSystemDefaultLangID

user32

DefWindowProcA
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
ShowWindow
UpdateWindow
DispatchMessageA
TranslateMessage
GetMessageA
PostQuitMessage

gdi32

GetStockObject

advapi32

RegOpenKeyExA
RegCloseKey
RegisterServiceCtrlHandlerA
RegCreateKeyExA
GetUserNameA
RegSetValueExA
RegQueryValueExA
SetServiceStatus

ws2_32

gethostname
gethostbyname
inet_ntoa

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

Exports

Exports

ServiceMain
Start

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb38541e7c6aac2346b3c39a4a342e7d

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

ws2_32

msvcp60

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB