2024-09-25_efcd5e86750a2cff8df6c5a1293cdbab_lockbit

Sharing

Copy URL

Twitter E-mail

General

Target

2024-09-25_efcd5e86750a2cff8df6c5a1293cdbab_lockbit
Size

131KB
MD5

efcd5e86750a2cff8df6c5a1293cdbab
SHA1

128e45a896a7abde78881089266be3d859c549d6
SHA256

6ca0a124136986b91b17a280c80d8923b827a4280dd6abc60a105e4829a790b3
SHA512

2e6bb423e4044aebdefe3b8f40d5cae58d1a8c86bf3d3ecb581e5f4412179e631a5451fc844bd8cd20f9f1ec598adcebe345b797002fadaffa8dbdaae09302cb
SSDEEP

3072:sp3HiU4PBx3xb6x4l8Qc2WGSfpfUx2b4pNOu/z2:m3Al8QjSR8oUpNLL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-25_efcd5e86750a2cff8df6c5a1293cdbab_lockbit

Files

2024-09-25_efcd5e86750a2cff8df6c5a1293cdbab_lockbit
.exe windows:5 windows x86 arch:x86

2768d81bcf1dd65d6ed77ffcbda4bbdf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

htons
getsockname
shutdown
setsockopt
WSAConnect
closesocket
send
WSASocketW
WSAStartup
freeaddrinfo
getaddrinfo
WSAGetLastError
select
getpeername
recv

shlwapi

PathCombineW
wvnsprintfW
wvnsprintfA
PathFindFileNameW
PathRemoveFileSpecA
PathRemoveBackslashA
PathAddBackslashA
PathSkipRootW
PathMatchSpecW
PathUnquoteSpacesW
StrCmpNIW
StrStrIW

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

msvcrt

tolower
strncmp
sprintf
strtod
memcpy
_except_handler3
memset

psapi

GetProcessImageFileNameW

kernel32

UpdateResourceW
LockResource
BeginUpdateResourceW
SizeofResource
GetComputerNameW
GetNativeSystemInfo
CreateDirectoryW
GetModuleHandleW
GetCurrentThread
SetEvent
GetComputerNameExW
lstrlenA
HeapReAlloc
HeapAlloc
HeapFree
HeapCreate
HeapValidate
GetProcessHeaps
HeapSetInformation
GetCurrentProcessId
LoadLibraryExW
GetProcAddress
lstrlenW
WideCharToMultiByte
FreeLibrary
LoadLibraryW
lstrcpynW
lstrcatW
FindResourceW
LoadResource
GetVolumeNameForVolumeMountPointA
GetTempFileNameW
CreateProcessW
MoveFileExW
WaitForSingleObject
GetTickCount
WriteFile
TerminateProcess
GetModuleFileNameW
CreateFileW
OpenMutexW
CreateEventW
CloseHandle
DeleteFileW
SetFileAttributesW
FindFirstFileW
GetSystemDirectoryW
Sleep
CopyFileW
GetFileAttributesW
FindClose
GetModuleHandleA
lstrcpyW
GetFullPathNameW
ExitProcess
GetCommandLineW
GetFileSize
CreateMutexW
GetCurrentProcess
SetFilePointerEx
GetUserDefaultLCID
EndUpdateResourceW
GetCommandLineA
ReadFile
GetLastError
SetCurrentDirectoryW
lstrcmpiW
OpenEventW
OutputDebugStringA
LocalFree
CreateThread
FindNextFileW
MapViewOfFile
UnmapViewOfFile
SetFileTime
OpenProcess
Process32FirstW
CreateFileMappingW
Process32NextW
CreateToolhelp32Snapshot
GetFileTime
GetWindowsDirectoryW
SearchPathW
GetTempPathW
EnumResourceNamesW
FreeResource
SetThreadPriority

user32

wvsprintfA
wvsprintfW
wsprintfW
wsprintfA

advapi32

RegDeleteValueW
CryptGenRandom
RegCreateKeyExW
CreateWellKnownSid
CheckTokenMembership
LookupAccountSidW
DuplicateToken
GetTokenInformation
IsWellKnownSid
OpenProcessToken
EnumServicesStatusExW
QueryServiceConfigW
SetServiceStatus
QueryServiceStatus
StartServiceW
ChangeServiceConfig2W
RegSetValueW
RegisterServiceCtrlHandlerExW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
RegEnumValueW
CryptAcquireContextW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
StartServiceCtrlDispatcherW
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
CryptGetHashParam

shell32

SHChangeNotify
ShellExecuteExW
SHGetFolderPathA
SHGetFolderPathW
SHGetSpecialFolderPathW
CommandLineToArgvW

ole32

CoUninitialize
CoGetObject
IIDFromString
CoInitialize
CoInitializeEx
CoInitializeSecurity
CoCreateInstance

ntdll

RtlDosPathNameToNtPathName_U
ZwDeleteFile
RtlFreeUnicodeString
LdrEnumerateLoadedModules
ZwSetInformationProcess
ZwQueryInformationProcess
RtlAcquirePebLock
RtlReleasePebLock

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

xqCjeUPY
Size: 3KB - Virtual size: 2KB

SOGwdmpQ
Size: 18KB - Virtual size: 18KB

cbLjoxsC
Size: 7KB - Virtual size: 7KB

uIjexoGA
Size: 9KB - Virtual size: 8KB

iblbQUKN
Size: 1024B - Virtual size: 684B

pQmROSlx
Size: 1KB - Virtual size: 1KB

MryAUgJX
Size: 34KB - Virtual size: 34KB

cCZiPUqn
Size: 1024B - Virtual size: 871B

fNhtyHxO
Size: 7KB - Virtual size: 7KB

qyOPQBUW
Size: 10KB - Virtual size: 9KB

Sharing

General

Malware Config

Signatures

Files

2768d81bcf1dd65d6ed77ffcbda4bbdf

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

shlwapi

crypt32

version

msvcrt

psapi

kernel32

user32

advapi32

shell32

ole32

ntdll

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 1024B - Virtual size: 196KB

.rsrc Size: 1024B - Virtual size: 1012B

xqCjeUPY Size: 3KB - Virtual size: 2KB

SOGwdmpQ Size: 18KB - Virtual size: 18KB

cbLjoxsC Size: 7KB - Virtual size: 7KB

uIjexoGA Size: 9KB - Virtual size: 8KB

iblbQUKN Size: 1024B - Virtual size: 684B

pQmROSlx Size: 1KB - Virtual size: 1KB

MryAUgJX Size: 34KB - Virtual size: 34KB

cCZiPUqn Size: 1024B - Virtual size: 871B

fNhtyHxO Size: 7KB - Virtual size: 7KB

qyOPQBUW Size: 10KB - Virtual size: 9KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 1024B - Virtual size: 196KB

.rsrc
Size: 1024B - Virtual size: 1012B

xqCjeUPY
Size: 3KB - Virtual size: 2KB

SOGwdmpQ
Size: 18KB - Virtual size: 18KB

cbLjoxsC
Size: 7KB - Virtual size: 7KB

uIjexoGA
Size: 9KB - Virtual size: 8KB

iblbQUKN
Size: 1024B - Virtual size: 684B

pQmROSlx
Size: 1KB - Virtual size: 1KB

MryAUgJX
Size: 34KB - Virtual size: 34KB

cCZiPUqn
Size: 1024B - Virtual size: 871B

fNhtyHxO
Size: 7KB - Virtual size: 7KB

qyOPQBUW
Size: 10KB - Virtual size: 9KB