2024-05-30_7619daf0a58c873caa3790bc66f84204_locky

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-30_7619daf0a58c873caa3790bc66f84204_locky
Size

517KB
MD5

7619daf0a58c873caa3790bc66f84204
SHA1

1feb1683d1b149601d2036b41ed36fd9c9d88f6d
SHA256

ce91d20c7f9e548ba5cf56e84cf8e535566bdaf6dd319d948988e3246d7f6644
SHA512

2326dbe762b73cd83bbf0e8964ae9d7836686b5127b4d7d2064936ca81f2906d58e645b3928801b50ae3a86167a131a8b90d5d9c2ef8e0871bf150fcf4995508
SSDEEP

12288:uVRm47ugq9QLXzNWVn4Fkl6BQ2yLhxPtIS4GudgBXllbXtdj:uVzzzjNO4FkUQ2yL7PtIdGudqlb9dj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-05-30_7619daf0a58c873caa3790bc66f84204_locky

Files

2024-05-30_7619daf0a58c873caa3790bc66f84204_locky
.exe windows:5 windows x86 arch:x86

09039f41fc88a3e991a6e3505504e428

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
MultiByteToWideChar
WideCharToMultiByte
GetLocaleInfoA
GetTempFileNameW
GetVolumeNameForVolumeMountPointA
GetWindowsDirectoryA
CreateProcessW
FindFirstFileW
GetCurrentProcess
FindClose
DeviceIoControl
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLogicalDrives
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
FindNextFileW
CreateThread
LocalFree
CreateEventA
GetTempPathW
GetModuleFileNameW
ExitProcess
FindAtomA
GlobalFindAtomA
GlobalAddAtomA
AddAtomA
GetVersionExA
GetUserDefaultUILanguage
MulDiv
OpenMutexA
SetThreadPriority
GetCurrentThread
CopyFileW
GetUserDefaultLangID
GetSystemDefaultLangID
SetUnhandledExceptionFilter
SetErrorMode
CloseHandle
ReadFile
WriteFile
FlushFileBuffers
GetFileSizeEx
SetFilePointer
SetFileTime
CreateFileW
DeleteFileW
MoveFileExW
GetSystemTimeAsFileTime
lstrlenA
LoadLibraryW
HeapReAlloc
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
VirtualQuery
GetStringTypeW
LCMapStringW
SetFileAttributesW
GetFileAttributesExW
FreeLibrary
LoadLibraryA
InterlockedDecrement
Sleep
GetTickCount
GetLastError
GetSystemDirectoryW
VirtualFree
GetProcAddress
GetModuleHandleA
VirtualAlloc
HeapCreate
GetStdHandle
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
GetCurrentThreadId
SetLastError
GetModuleHandleW
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapFree
HeapAlloc
RaiseException
RtlUnwind

advapi32

CryptEncrypt
CryptGenRandom
CryptReleaseContext
AllocateAndInitializeSid
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
CryptImportKey
CryptAcquireContextA
RegDeleteValueA
RegSetValueExW
RegSetValueExA
AccessCheck
MapGenericMask
DuplicateToken
OpenThreadToken
GetFileSecurityW
CryptGetKeyParam
CryptSetHashParam
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
SetTokenInformation
OpenProcessToken
EqualSid
GetTokenInformation
RegCloseKey
RegOpenKeyExA
CryptDestroyKey

mpr

WNetCloseEnum
WNetAddConnection2W
WNetOpenEnumW
WNetEnumResourceW

shell32

ShellExecuteW
SHGetFolderPathW

wininet

InternetCrackUrlA
InternetCloseHandle
InternetSetOptionA
InternetQueryOptionA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpSendRequestExA
HttpEndRequestA
HttpQueryInfoA
InternetReadFile
InternetWriteFile
HttpAddRequestHeadersA

gdi32

SetBkMode
GetDeviceCaps
SetTextColor
GetDIBits
SelectObject
CreateCompatibleDC
DeleteDC
CreateFontA
CreateSolidBrush
GetObjectA
DeleteObject
CreateCompatibleBitmap

user32

GetDC
ReleaseDC
DrawTextW
FillRect
GetSystemMetrics
SystemParametersInfoW
FrameRect

ole32

CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoInitializeEx

netapi32

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

urlmon

ObtainUserAgentString

oleaut32

VariantInit
SysFreeString
SysStringByteLen
VariantClear
SysAllocString
SysAllocStringByteLen

Sections

.text
Size: 473KB - Virtual size: 473KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sxdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.cdata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09039f41fc88a3e991a6e3505504e428

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

mpr

shell32

wininet

gdi32

user32

ole32

netapi32

urlmon

oleaut32

Sections

.text Size: 473KB - Virtual size: 473KB

.sxdata Size: 25KB - Virtual size: 25KB

.data Size: 4KB - Virtual size: 14KB

.reloc Size: 10KB - Virtual size: 9KB

.cdata Size: 3KB - Virtual size: 4KB

.text
Size: 473KB - Virtual size: 473KB

.sxdata
Size: 25KB - Virtual size: 25KB

.data
Size: 4KB - Virtual size: 14KB

.reloc
Size: 10KB - Virtual size: 9KB

.cdata
Size: 3KB - Virtual size: 4KB