LockApp[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

LockApp.exe
Size

3.6MB
MD5

69f7e9a2a40fdf9a94fea29cdc10c777
SHA1

29cf0384292f96c9468d7ed6102d253224baa5a6
SHA256

9e571198094b59940dce97741a4643bbac2a7ad59452ee8c0c61f7f112d752a2
SHA512

501c5a8b44fc983d515ccef526a5055dbd14dc40eb330405de0b5a5d1031be30f3d3a5d6483564e0f90b0341f08974bdc2272ff6cd2664a95064663dacd464b0
SSDEEP

49152:V3pCoW33EyKgP7jRkCcjoiU+c5facSedoSYCX+T9GEJitbpnlDnFrBM2gGAebyxo:uP33EyKgP7cD6Iunj

Score

1^/10

Malware Config

Signatures

Files

LockApp.exe
.exe windows:10 windows x64 arch:x64

dd7b79cf09d9f73a1cb47f7635483b31

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b8:46:a6:c8:c4:e6:95:84:86:0c:d6:87:6c:4c:42:72:a0:7c:7e:b7:b3:5e:b7:9b:42:73:1c:33:9e:4b:04:12
Signer

Actual PE Digest

b8:46:a6:c8:c4:e6:95:84:86:0c:d6:87:6c:4c:42:72:a0:7c:7e:b7:b3:5e:b7:9b:42:73:1c:33:9e:4b:04:12

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

lockapp.pdb

Imports

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
CreateMutexExW
ReleaseSRWLockShared
InitializeCriticalSection
WaitForSingleObjectEx
InitializeCriticalSectionEx
ResetEvent
LeaveCriticalSection
EnterCriticalSection
CreateEventExW
AcquireSRWLockShared
WaitForSingleObject
ReleaseMutex
CreateEventW
SetEvent
ReleaseSRWLockExclusive
OpenSemaphoreW
AcquireSRWLockExclusive
CreateSemaphoreExW
ReleaseSemaphore

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolTimer

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
FormatMessageW
GetUserDefaultLocaleName
ResolveLocaleName

api-ms-win-core-featurestaging-l1-1-0

GetFeatureEnabledState
RecordFeatureUsage
RecordFeatureError
SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification

api-ms-win-core-featurestaging-l1-1-1

GetFeatureVariant

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation
EventActivityIdControl

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime
GetVersionExW
GetTickCount

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
InitOnceComplete
InitOnceExecuteOnce
Sleep
WakeAllConditionVariable
InitOnceBeginInitialize

api-ms-win-core-com-l1-1-0

CoGetApartmentType
CoTaskMemAlloc
CoTaskMemFree
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoCreateGuid
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
CoGetObjectContext

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
GetStringTypeExW
WideCharToMultiByte
GetStringTypeW

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsGetStringLen
WindowsDuplicateString
WindowsDeleteString
WindowsCreateString
WindowsConcatString
WindowsCompareStringOrdinal
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterMemoryBlock

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA

msvcrt

pow
_wsetlocale
__crtLCMapStringW
__crtCompareStringW
_wcsdup
_vsnprintf_s
abort
memcmp
___lc_collate_cp_func
calloc
_set_errno
___lc_codepage_func
___lc_handle_func
___mb_cur_max_func
setlocale
_callnewh
malloc
memmove
memcpy
??0exception@@QEAA@AEBQEBDH@Z
_CxxThrowException
wcslen
memset
_get_errno
_commode
_fmode
?terminate@@YAXXZ
__ExceptionPtrCreate
__ExceptionPtrCurrentException
memmove_s
_initterm
__ExceptionPtrRethrow
__setusermatherr
_ismbblead
__ExceptionPtrCopy
__ExceptionPtrDestroy
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
??1type_info@@UEAA@XZ
_onexit
__C_specific_handler
__dllonexit
_unlock
_lock
realloc
free
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
wcsrchr
wcsstr
_wtof
_wcstoui64
wcschr
wcstol
_errno
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
swprintf_s
_wcsicmp
_purecall
??3@YAXPEAX@Z
_vsnwprintf
difftime
memcpy_s
__pctype_func
time
__CxxFrameHandler3
_acmdln
strchr

wincorlib

?GetCmdArguments@Details@Platform@@YAPEAPEA_WPEAH@Z
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z
?__abi_FailFast@@YAXXZ
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?UninitializeData@Details@Platform@@YAXH@Z
?InitializeData@Details@Platform@@YAJH@Z
??0InvalidArgumentException@Platform@@QE$AAA@PE$AAVString@1@@Z
?Equals@Object@Platform@@QE$AAA_NPE$AAV12@@Z
?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ
?Equals@ValueType@Platform@@QE$AAA_NPE$AAVObject@2@@Z
?GetHashCode@Object@Platform@@QE$AAAHXZ
??0Exception@Platform@@QE$AAA@HPE$AAVString@1@@Z
?ResolveWeakReference@Details@Platform@@YAPE$AAVObject@2@AEBU_GUID@@PEAPEAU__abi_IUnknown@@@Z
?ToString@int32@default@@QEAAPE$AAVString@Platform@@XZ
?GetWeakReference@Details@Platform@@YAPEAU__abi_IUnknown@@QE$ADVObject@2@@Z
?ToString@Guid@Platform@@QEAAPE$AAVString@2@XZ
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
??0ChangedStateException@Platform@@QE$AAA@XZ
??0OutOfBoundsException@Platform@@QE$AAA@XZ
??0FailureException@Platform@@QE$AAA@XZ
??0OutOfMemoryException@Platform@@QE$AAA@XZ
??0NotImplementedException@Platform@@QE$AAA@XZ
??0FailureException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0InvalidArgumentException@Platform@@QE$AAA@XZ
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
?TerminateModule@Details@Platform@@YA_NPEAVModuleBase@1WRL@Microsoft@@@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K@Z
??0Delegate@Platform@@QE$AAA@XZ
??0DisconnectedException@Platform@@QE$AAA@XZ
?__abi_ObjectToString@__abi_details@@YAPE$AAVString@Platform@@PE$AAVObject@3@_N@Z
?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@PE$AAV12@@Z
?CreateException@Exception@Platform@@SAPE$AAV12@H@Z
?GetIBoxVtable@Details@Platform@@YAPEAXPEAX@Z
?CreateValue@Details@Platform@@YAPE$AAVObject@2@W4TypeCode@2@PEBX@Z
??0NullReferenceException@Platform@@QE$AAA@XZ
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
?__abi_make_type_id@@YAPE$AAVType@Platform@@AEBU__abi_type_descriptor@@@Z
??BType@Platform@@SA?AVTypeName@Interop@Xaml@UI@Windows@@PE$AAV01@@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
?GetType@Object@Platform@@QE$AAAPE$AAVType@2@XZ
?get@FullName@Type@Platform@@QE$AAAPE$AAVString@3@XZ
?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z
?__abi_cast_Object_to_String@__abi_details@@YAPE$AAVString@Platform@@_NPE$AAVObject@3@@Z
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
??0Object@Platform@@QE$AAA@XZ
?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z
?GetActivationFactory@Details@Platform@@YAJPEAVModuleBase@1WRL@Microsoft@@PEAUHSTRING__@@PEAPEAUIActivationFactory@@@Z
?__abi_WinRTraiseInvalidCastException@@YAXXZ

shcore

ord190

policymanager

PolicyManager_GetPolicyInt

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoFailFastWithErrorContext
RoOriginateError

api-ms-win-core-winrt-error-l1-1-1

RoReportUnhandledError

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 212KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd7b79cf09d9f73a1cb47f7635483b31

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

b8:46:a6:c8:c4:e6:95:84:86:0c:d6:87:6c:4c:42:72:a0:7c:7e:b7:b3:5e:b7:9b:42:73:1c:33:9e:4b:04:12Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-featurestaging-l1-1-0

api-ms-win-core-featurestaging-l1-1-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-ntuser-sysparams-l1-1-0

api-ms-win-core-realtime-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-windowserrorreporting-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

msvcrt

wincorlib

shcore

policymanager

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-stateseparation-helpers-l1-1-0

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 212KB - Virtual size: 217KB

.pdata Size: 192KB - Virtual size: 191KB

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 52KB - Virtual size: 51KB

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

b8:46:a6:c8:c4:e6:95:84:86:0c:d6:87:6c:4c:42:72:a0:7c:7e:b7:b3:5e:b7:9b:42:73:1c:33:9e:4b:04:12
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 212KB - Virtual size: 217KB

.pdata
Size: 192KB - Virtual size: 191KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 52KB - Virtual size: 51KB