lock.exe

First submission 2024-10-14 08:38:02

File details

File type: PE32+ executable (GUI) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 129.9 KB (133020 bytes)
Compile time: 2024-10-10 15:40:05
MD5: 3090a0f92f82e781119bc70fcc9b8bfe
SHA1: 3cb76bfc877699803fad3d99ff8b81cdd49d1877
SHA256: 19519f487df6f64bedb750498197cb9f4ab9d6fd3b30f6e3f17b37f2c36375b7
Import Hash: 1051d7bee47a2c3b95bfdb508e6c9c6c
Sections: 20 (.text .data .rdata /4 .pdata .xdata .bss .idata .CRT .tls .reloc /14 /29 /41 /55 /67 /80 /91 /107 /123)
Directories: 3 (import, tls, relocation)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 17/77 VT report date: 2024-10-10 15:42:23
Malware Type 1 trojan

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://107.175.73.38/lock.exe 107.175.73.38 2024-10-14 08:38:02

PE Sections 3 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x1b58 7168 11b197595db155c2c7d87d606572c4c834118f87 82e431e54715025a467be9ebccd3f251
.data 0x3000 0xa0 512 c2261bb85dd4fe16ea1e61835ece333bf1f4166a b33cde45203811b3698ad16e63b4ee3d
.rdata 0x4000 0x920 2560 ccc8cbdd7bfbfc478689a60db7818eed45896b41 83228c2f7664d339ead4565b7918098f
/4 0x5000 0x4 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.pdata 0x6000 0x258 1024 44a82fba25f79ef7aa5c9f35d85385070ef3c685 6108b22776bc8eadc933205022df7c7a
.xdata 0x7000 0x1d4 512 f39a886e324fd672c202cfc4c8e60744c099f17d 48f07fe4343f84d2ee82f58a9d137375
.bss 0x8000 0x1e0 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0x9000 0x870 2560 df303550c7dc5b8c4ffeaab9b5660b454eed0f69 1a28cbbe50382bb3980d184af59b1b14
.CRT 0xa000 0x60 512 d8a2243f65f4c604a851018bf3b0fc9e746e9b24 af01a49ba0d9c24a01a76cf1160f1258
.tls 0xb000 0x10 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.reloc 0xc000 0x78 512 b10c8e43a8de8878379d73ec341d2c2688e5e987 978e9983dabff390976303caac567b4e
/14 0xd000 0x460 1536 8661b6dde504f5d04dde86398f2b353627f0033a 00cff6e9f89efb925128651fe99409a8
/29 0xe000 0xaae9 44032 bd2710efddba687a9f2c823ea99c78344f1cf5a1 0618a15f7c1bc449eb318a1b97227579
/41 0x19000 0x1cb8 7680 0bf7cf6312c5764c8b5b6ac52a0668ec760697ff 089bd22e9162cbfa4761dd2e0e909a38
/55 0x1b000 0x1b32 7168 65118f2844570fb6739117ddaff5c633a02f3a0f 91f2a16c1ce6251645a64f0b4faf0738
/67 0x1d000 0xad0 3072 205e870d2a99b0bc2d2a02ac7ce904d0f96f8c55 d6efcac06d4cf19e85f97b7b42ba4842
/80 0x1e000 0x354 1024 a40def3e59e56c244b7f1ee9e4d2758cc286e7db a5657ca8b7b4d6587b37b69dca0759a0
/91 0x1f000 0x205b 8704 6a74e6e58cbb49e6a89961f7071d5710271c5c31 9bbe9dd66e6ef5ad08d3fe0304d7e852
/107 0x22000 0x120d 5120 f6bf769b78411e5e964717a0c7511192ebd97f6f 0bf20c78a2babd3b62ce315609ea6a44
/123 0x24000 0x195 512 a2a125cb7390661b9af98659661b28127255ba37 0a478305b637270896b63c2f3a8d9a48

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions 1

GetLastError

Strings analysis - File found

Library
libgcc_s_dw2-1.dll
USER32.dll
MSVCRT.dll
WINMM.dll
GDI32.dll
KERNEL32.dll

Import functions