2024-05-23_2bfc09f0c63e6ecda28fe8df8e279993_locky

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-23_2bfc09f0c63e6ecda28fe8df8e279993_locky
Size

110KB
MD5

2bfc09f0c63e6ecda28fe8df8e279993
SHA1

e9b87723c4a648105bf956b5f1c20a1ba3b2fc70
SHA256

9132d5276069cf432ce706f1ef0334270a2f0f10a5a176f0dc8b79e7237275fe
SHA512

7ea335e8899c31a7321e3a6f594c83d4aed2a9b083e43bd0b2786878a73150ff64521deaf65240f708ada647ced98263f42388b43d93179fb303bb5f1058e31c
SSDEEP

3072:5Cr12xuooBRbzit33dsN62/5nFOo911111111Y9:5m12xILm3GfxFO59

Score

10^/10

Malware Config

Signatures

Detects command variations typically used by ransomware 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_GENRansomware

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-23_2bfc09f0c63e6ecda28fe8df8e279993_locky

Files

2024-05-23_2bfc09f0c63e6ecda28fe8df8e279993_locky
.exe windows:5 windows x86 arch:x86

67aa5c31c7432ed4acaf13a92c63c785

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThread
FindNextFileW
GetDiskFreeSpaceExW
GetVolumeInformationW
GetLogicalDrives
GetDriveTypeW
InitializeCriticalSection
LoadLibraryW
RtlUnwind
GetSystemTime
GetTempFileNameW
CreateProcessW
GetCurrentProcess
GetVolumeNameForVolumeMountPointA
GetWindowsDirectoryA
GetLocaleInfoA
VirtualProtect
FindClose
FindFirstFileW
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
GetModuleHandleA
WaitForSingleObject
CreateThread
CopyFileW
GetTempPathW
Sleep
GetUserDefaultUILanguage
GetUserDefaultLangID
GetSystemDefaultLangID
SetUnhandledExceptionFilter
SetErrorMode
MulDiv
GetVersionExA
ExitProcess
GetModuleFileNameW
FlushFileBuffers
GetLastError
SetFileTime
GetSystemTimeAsFileTime
SetFilePointer
ReadFile
SetFileAttributesW
GetFileAttributesExW
DeleteFileW
MoveFileExW
WriteFile
GetFileSizeEx
CreateFileW
CloseHandle
VirtualFree
VirtualAlloc
GetStringTypeW
LCMapStringW
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetModuleHandleW
IsProcessorFeaturePresent
HeapReAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapAlloc
HeapFree
RaiseException
GetStdHandle
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
HeapSize

user32

FrameRect
SystemParametersInfoW
DrawTextW
GetDC
GetSystemMetrics
ReleaseDC
FillRect

gdi32

CreateSolidBrush
GetDIBits
GetObjectA
SetBkMode
SetTextColor
CreateCompatibleBitmap
SelectObject
CreateFontA
DeleteObject
GetDeviceCaps
CreateCompatibleDC
DeleteDC

advapi32

CryptDestroyHash
AccessCheck
MapGenericMask
DuplicateToken
OpenThreadToken
GetFileSecurityW
CryptGetKeyParam
CryptSetHashParam
CryptHashData
SetTokenInformation
OpenProcessToken
CryptCreateHash
CryptGetHashParam
RegSetValueExW
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
CryptEncrypt
CryptSetKeyParam
CryptImportKey
CryptDestroyKey

shell32

ShellExecuteW
SHGetFolderPathW

wininet

InternetConnectA
InternetSetOptionA
InternetOpenA
InternetCrackUrlA
InternetCloseHandle
HttpOpenRequestA
InternetQueryOptionA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
HttpAddRequestHeadersA

mpr

WNetEnumResourceW
WNetAddConnection2W
WNetCloseEnum
WNetOpenEnumW

netapi32

DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation

urlmon

ObtainUserAgentString

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67aa5c31c7432ed4acaf13a92c63c785

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

wininet

mpr

netapi32

urlmon

Sections

.text Size: 69KB - Virtual size: 69KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 3KB - Virtual size: 8KB

.reloc Size: 9KB - Virtual size: 9KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 69KB - Virtual size: 69KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 3KB - Virtual size: 8KB

.reloc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 512B - Virtual size: 4KB