2024-10-15_919c58e40518ab46dbb7175c4ce93bd8_lockbit

Sharing

Copy URL

Twitter E-mail

General

Target

2024-10-15_919c58e40518ab46dbb7175c4ce93bd8_lockbit
Size

86KB
MD5

919c58e40518ab46dbb7175c4ce93bd8
SHA1

d8d52462f44a7aba484c5f67f0ff4488301dd598
SHA256

ed17ad2f592b6bd1207ff883bae76e5bbcb3dccc80fd7c41aa8d19d30b5f3f48
SHA512

fbe8f47adba31a8d971e66a39e1f8aeba53a3efd752ca32c2534d7bb724307f36cdbe386770252fd55ac776d55a621c0185d8198c2a43b855fcc2be45e40f0ef
SSDEEP

1536:hk7xrDd7GYAaSj6ky23DobKpYl7pb5Zef2Mpx9:a79My52OKpYl7d5ZHMX9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-10-15_919c58e40518ab46dbb7175c4ce93bd8_lockbit

Files

2024-10-15_919c58e40518ab46dbb7175c4ce93bd8_lockbit
.exe windows:6 windows x86 arch:x86

af65439914f3ab7aa9c67e2ec1840ec6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryW
TerminateProcess
RemoveDirectoryW
CreateFileW
ResumeThread
Sleep
DeleteFileW
CreateProcessW
CopyFileW
GetFileAttributesW
LoadLibraryW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
WaitForDebugEvent
InitializeProcThreadAttributeList
ContinueDebugEvent
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
TerminateThread
CreateThread
VirtualFree
GetCurrentProcess
LocalAlloc
GetCurrentThreadId
SetEvent
LocalFree
GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapDestroy
HeapCreate
FileTimeToDosDateTime
GetTempFileNameA
FileTimeToLocalFileTime
WideCharToMultiByte
DeleteFileA
CreateFileA
GetTempPathA
GetFileInformationByHandle
SetFilePointer
WriteFile
ReadFile
ExitProcess
GetCommandLineW
LoadLibraryExW
FreeLibrary
CloseHandle
GetLastError
CreateEventW
WaitForSingleObject
SetLastError
GetModuleFileNameW
GetStartupInfoW
VirtualAlloc
VirtualQuery

user32

CharPrevW
GetProcessWindowStation
GetUserObjectInformationW
SendMessageTimeoutW
GetThreadDesktop

advapi32

RegSetKeyValueW
CreateWellKnownSid
RegFlushKey
RegEnumKeyExW
RegOpenKeyW
CreateProcessAsUserW
RegDeleteKeyW
RegCreateKeyW
RegCloseKey
CloseServiceHandle
OpenSCManagerW
RegCreateKeyExW
RegSetValueExW
StartServiceW
RegOpenKeyExW
RegDeleteValueW
OpenServiceW
QueryServiceStatusEx

shell32

ShellExecuteExW
SHAssocEnumHandlersForProtocolByApplication
SHCreateItemFromParsingName
SHGetSpecialFolderPathW
SHGetKnownFolderPath

ole32

CoInitializeEx
CoUninitialize
StringFromCLSID
CoCreateGuid
CoCreateInstance
CoTaskMemFree
CoGetObject

oleaut32

SysAllocString
VariantInit
SysFreeString

rpcrt4

RpcAsyncInitializeHandle
RpcStringFreeW
RpcAsyncCompleteCall
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingFree
NdrAsyncClientCall
RpcBindingSetAuthInfoExW
RpcRaiseException

ntdll

NtCreateEvent
NtUnmapViewOfSection
NtMapViewOfSection
NtDeleteFile
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
NtOpenKey
RtlFormatCurrentUserKeyPath
NtCreateKey
NtSetValueKey
NtOpenProcessToken
NtDuplicateToken
NtRemoveProcessDebug
NtSetInformationToken
RtlAllocateAndInitializeSid
RtlLengthSid
NtDuplicateObject
RtlFreeSid
DbgUiSetThreadDebugObject
NtTerminateProcess
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
NtSetEvent
NtCreateFile
NtClose
NtNotifyChangeDirectoryFile
RtlGetFrame
RtlPopFrame
RtlPushFrame
NtDeleteKey
NtFreeVirtualMemory
RtlInitUnicodeString
RtlDestroyHeap
RtlAllocateHeap
NtQuerySystemInformation
RtlSubAuthoritySid
NtWaitForSingleObject
LdrGetDllHandle
NtQueryInformationProcess
RtlDeleteBoundaryDescriptor
NtOpenProcess
LdrFindResource_U
NtQueryInformationToken
NtAllocateVirtualMemory
LdrEnumerateLoadedModules
RtlPrefixUnicodeString
NtDeleteValueKey
RtlLengthRequiredSid
RtlAcquirePebLock
RtlImageNtHeader
RtlGetVersion
RtlWow64EnableFsRedirectionEx
NtFsControlFile
RtlGetCurrentPeb
NtCreatePrivateNamespace
NtDeletePrivateNamespace
RtlFreeHeap
RtlRaiseStatus
RtlSetHeapInformation
RtlCreateHeap
LdrFindEntryForAddress
RtlNtStatusToDosError
RtlAddSIDToBoundaryDescriptor
RtlReleasePebLock
RtlExpandEnvironmentStrings_U
NtQueryValueKey
LdrAccessResource
RtlUnwind
RtlRandomEx
RtlEqualUnicodeString
NtCreateSection
RtlComputeCrc32
RtlQueryElevationFlags
LdrGetDllHandleEx
NtCompressKey
RtlExitUserProcess
RtlImageDirectoryEntryToData
RtlInitializeSid
RtlCreateBoundaryDescriptor

comctl32

ord17

cabinet

ord10
ord14
ord11
ord13

msdelta

DeltaFree
ApplyDeltaB

bcrypt

BCryptCloseAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptDecrypt
BCryptGetProperty
BCryptDestroyKey
BCryptOpenAlgorithmProvider

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af65439914f3ab7aa9c67e2ec1840ec6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

rpcrt4

ntdll

comctl32

cabinet

msdelta

bcrypt

Sections

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 3KB - Virtual size: 2KB