2024-04-20_a614305c93fac140f82dbeafe069b9bb_virlock | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-20_a614305c93fac140f82dbeafe069b9bb_virlock
Size

714KB
MD5

a614305c93fac140f82dbeafe069b9bb
SHA1

a3b4c5918cd9f1b566c83b041c462da4b5e37767
SHA256

cca71d40406baf2c6e90ddadb9d3042ee349314b9d266928884d7191f006f2f7
SHA512

0608d5ce11ca7f0d5461f8f43c8535ade5a272d4ad42483727e53f60c11b419fae327b7c2d4cb3f226fa2de227095a23d225b88bfbda62b11050f7d4bc73cfc4
SSDEEP

12288:wEJxkpdPyIvMm7XZ2WY35JSV6oOeE1qj0GQo0w6aBSt7pcpDSMYGsJy8:pJx0tz7XZc5jw30w6aBVDSMYGsJy8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-20_a614305c93fac140f82dbeafe069b9bb_virlock

Files

2024-04-20_a614305c93fac140f82dbeafe069b9bb_virlock
.exe windows:4 windows x86 arch:x86

c99d3a976aadf2996a5e315b14fce9cb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenFileMappingW

advapi32

LsaCreateSecret
CloseCodeAuthzLevel

user32

GetDesktopWindow
GetRawInputDeviceInfoA
GetDialogBaseUnits

ntdll

RtlVerifyVersionInfo
RtlGetSecurityDescriptorRMControl

ws2_32

WSACancelAsyncRequest

oleaut32

VarRound

Sections

.text
Size: 710KB - Virtual size: 712KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE