2024-05-30_f9a17a26036fe111324030e27e891cea_locky

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-30_f9a17a26036fe111324030e27e891cea_locky
Size

517KB
MD5

f9a17a26036fe111324030e27e891cea
SHA1

bf7cdc42f6ac5985be37819dcd2f5bbfedd582e1
SHA256

d7d0561555b788d2048f7a6904318c44e01a16299bb3177250c4478170d7fa51
SHA512

f0246f51c92334c60ad75fc26bd5fc016f7a8d14d1b55018bd98c9ae1f95cfdc2099d91bdef82a2523890777117be3f2db3c7ce993e04f1a1e48aee70a09868a
SSDEEP

12288:uVRm47ugq9QLXzNWVn4Fkl6BQ2yLhxPtIS4GudgBXllbXtdj:uVzzzjNO4FkUQ2yL7PtIdGudqlb9dj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-30_f9a17a26036fe111324030e27e891cea_locky

Files

2024-05-30_f9a17a26036fe111324030e27e891cea_locky
.exe windows:5 windows x86 arch:x86

09039f41fc88a3e991a6e3505504e428

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
MultiByteToWideChar
WideCharToMultiByte
GetLocaleInfoA
GetTempFileNameW
GetVolumeNameForVolumeMountPointA
GetWindowsDirectoryA
CreateProcessW
FindFirstFileW
GetCurrentProcess
FindClose
DeviceIoControl
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLogicalDrives
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
FindNextFileW
CreateThread
LocalFree
CreateEventA
GetTempPathW
GetModuleFileNameW
ExitProcess
FindAtomA
GlobalFindAtomA
GlobalAddAtomA
AddAtomA
GetVersionExA
GetUserDefaultUILanguage
MulDiv
OpenMutexA
SetThreadPriority
GetCurrentThread
CopyFileW
GetUserDefaultLangID
GetSystemDefaultLangID
SetUnhandledExceptionFilter
SetErrorMode
CloseHandle
ReadFile
WriteFile
FlushFileBuffers
GetFileSizeEx
SetFilePointer
SetFileTime
CreateFileW
DeleteFileW
MoveFileExW
GetSystemTimeAsFileTime
lstrlenA
LoadLibraryW
HeapReAlloc
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
VirtualQuery
GetStringTypeW
LCMapStringW
SetFileAttributesW
GetFileAttributesExW
FreeLibrary
LoadLibraryA
InterlockedDecrement
Sleep
GetTickCount
GetLastError
GetSystemDirectoryW
VirtualFree
GetProcAddress
GetModuleHandleA
VirtualAlloc
HeapCreate
GetStdHandle
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
GetCurrentThreadId
SetLastError
GetModuleHandleW
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapFree
HeapAlloc
RaiseException
RtlUnwind

advapi32

CryptEncrypt
CryptGenRandom
CryptReleaseContext
AllocateAndInitializeSid
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
CryptImportKey
CryptAcquireContextA
RegDeleteValueA
RegSetValueExW
RegSetValueExA
AccessCheck
MapGenericMask
DuplicateToken
OpenThreadToken
GetFileSecurityW
CryptGetKeyParam
CryptSetHashParam
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
SetTokenInformation
OpenProcessToken
EqualSid
GetTokenInformation
RegCloseKey
RegOpenKeyExA
CryptDestroyKey

mpr

WNetCloseEnum
WNetAddConnection2W
WNetOpenEnumW
WNetEnumResourceW

shell32

ShellExecuteW
SHGetFolderPathW

wininet

InternetCrackUrlA
InternetCloseHandle
InternetSetOptionA
InternetQueryOptionA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpSendRequestExA
HttpEndRequestA
HttpQueryInfoA
InternetReadFile
InternetWriteFile
HttpAddRequestHeadersA

gdi32

SetBkMode
GetDeviceCaps
SetTextColor
GetDIBits
SelectObject
CreateCompatibleDC
DeleteDC
CreateFontA
CreateSolidBrush
GetObjectA
DeleteObject
CreateCompatibleBitmap

user32

GetDC
ReleaseDC
DrawTextW
FillRect
GetSystemMetrics
SystemParametersInfoW
FrameRect

ole32

CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoInitializeEx

netapi32

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

urlmon

ObtainUserAgentString

oleaut32

VariantInit
SysFreeString
SysStringByteLen
VariantClear
SysAllocString
SysAllocStringByteLen

Sections

.text
Size: 473KB - Virtual size: 473KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sxdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.cdata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09039f41fc88a3e991a6e3505504e428

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

mpr

shell32

wininet

gdi32

user32

ole32

netapi32

urlmon

oleaut32

Sections

.text Size: 473KB - Virtual size: 473KB

.sxdata Size: 25KB - Virtual size: 25KB

.data Size: 4KB - Virtual size: 14KB

.reloc Size: 10KB - Virtual size: 9KB

.cdata Size: 3KB - Virtual size: 4KB

.text
Size: 473KB - Virtual size: 473KB

.sxdata
Size: 25KB - Virtual size: 25KB

.data
Size: 4KB - Virtual size: 14KB

.reloc
Size: 10KB - Virtual size: 9KB

.cdata
Size: 3KB - Virtual size: 4KB