2024-09-14_3925cdc1d6cb600054718d10c1bb4600_wormlocker | Triage

Sharing

General

Target

2024-09-14_3925cdc1d6cb600054718d10c1bb4600_wormlocker
Size

1.8MB
MD5

3925cdc1d6cb600054718d10c1bb4600
SHA1

993a9eefe488a3978ffa0933cabd392acc4c1d24
SHA256

ccf9540b7b7952e32c6d8e1edb37387857cf4f43f91bf5356842bf26e809731f
SHA512

4773272f13b300662e8f3b552f3e3fa9a0b6795e7bd14f13e6398de2bd09931b4c6635136b46f2b7f33cc5f399c47c3dff138d9a9adb4868fbdcb0875bb9e3f9
SSDEEP

49152:0pb/gUlz7chwGu8RXWxfLfVYY0Us9diyRXXVqPUqa:0pb4UShwG4xzfVhNsbtFq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-14_3925cdc1d6cb600054718d10c1bb4600_wormlocker

Files

2024-09-14_3925cdc1d6cb600054718d10c1bb4600_wormlocker
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\damia_de0etcp\Documents\SysWOW64\SysWOW64\obj\Debug\Automatic_converter_rff_to_mp4.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ