2024-06-20_7df5036436f095591b75821b911ac3db_virlock | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-20_7df5036436f095591b75821b911ac3db_virlock
Size

714KB
MD5

7df5036436f095591b75821b911ac3db
SHA1

fb417bd3432aceb31c85093983f7d23263ca850d
SHA256

bfe40a8111f0e3f923d77cf75ec877627b61b02e619bbe4fef79232fdb170cb3
SHA512

be47280c63d825f93eb37a97f2ce2932d911e274c797795c8f69e7184ed41f02790c7f5cd076f28f6aaec3fd162e43ae2b0f6c74f38f557380993a91d5f2deea
SSDEEP

12288:askyE6tGvPFbGao0RuiClG7rZUCUV/hfWi9IDD4fNWmvDeCSgrZNncm8kT6zp3vi:NE6tGXFq10RHmO6f/+ANpVrjkF3vWA6X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-20_7df5036436f095591b75821b911ac3db_virlock

Files

2024-06-20_7df5036436f095591b75821b911ac3db_virlock
.exe windows:4 windows x86 arch:x86

1c8ca4b268c53b95276b273a6d97c8d5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleWindow
EnumUILanguagesW
SetProcessAffinityMask
SetLocalPrimaryComputerNameW

advapi32

SystemFunction021

ntdll

NtDebugContinue
LdrQueryProcessModuleInformation

ole32

HDC_UserFree

user32

GetMessageExtraInfo

Sections

.text
Size: 710KB - Virtual size: 712KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE