ac88841c9e1a

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\WinLocker.exe

Sample File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	6.55 MB
MD5	3dee3d2f8538b1b787d29932dc993f58
SHA1	7276afcd594094f2b484df2b5175325d01b445d7
SHA256	ac88841c9e1a10a62d1a703622d3c1ee10e4d2a151178abb72441d4a73417f34
SSDeep	196608:C5MLULQ90nVXO/hnuJ4WqiBhlmjPjS89gK5uh6V:CFLw0VepuJfLcjjS89nh
ImpHash	218d9ba4eceb50a5824323647a0daf46

PE Information

Image Base	0x00400000
Entry Point	0x009C0195
Size Of Code	0x00117E00
Size Of Initialized Data	0x0016E400
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	1992-06-19 22:22 (UTC)

Sections (10)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
CODE	0x00401000	0x00117DDC	0x00000000	0x00000000	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	0.0
DATA	0x00519000	0x00004B80	0x00000000	0x00000000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
BSS	0x0051E000	0x0004110D	0x00000000	0x00000000	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
.idata	0x00560000	0x00002966	0x00000000	0x00000000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
.tls	0x00563000	0x00000010	0x00000000	0x00000000	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
.rdata	0x00564000	0x00000018	0x00000000	0x00000000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ	0.0
.}Yb	0x00565000	0x0040F5A4	0x00000000	0x00000000	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	0.0
.`Uk	0x00975000	0x00000ADC	0x00000C00	0x00000400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.32
./Oq	0x00976000	0x00684DD0	0x00684E00	0x00001000	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	8.0
.rsrc	0x00FFB000	0x000070B8	0x00007200	0x00685E00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ	5.92

Imports (21)

kernel32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetVersion	-	0x00975000	0x005A2FB4	0x0002DFB4	0x00000000

user32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetKeyboardType	-	0x00975008	0x005A2FBC	0x0002DFBC	0x00000000

advapi32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
RegQueryValueExA	-	0x00975010	0x005A2FC4	0x0002DFC4	0x00000000

oleaut32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SysFreeString	-	0x00975018	0x005A2FCC	0x0002DFCC	0x00000000

kernel32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
TlsSetValue	-	0x00975020	0x005A2FD4	0x0002DFD4	0x00000000

advapi32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
RegSetValueExA	-	0x00975028	0x005A2FDC	0x0002DFDC	0x00000000

kernel32.dll (2)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetVersionExA	-	0x00975030	0x005A2FE4	0x0002DFE4	0x00000000
GetVersion	-	0x00975034	0x005A2FE8	0x0002DFE8	0x00000000

version.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
VerQueryValueA	-	0x0097503C	0x005A2FF0	0x0002DFF0	0x00000000

gdi32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
UnrealizeObject	-	0x00975044	0x005A2FF8	0x0002DFF8	0x00000000

user32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CreateWindowExA	-	0x0097504C	0x005A3000	0x0002E000	0x00000000

kernel32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
Sleep	-	0x00975054	0x005A3008	0x0002E008	0x00000000

oleaut32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SafeArrayPtrOfIndex	-	0x0097505C	0x005A3010	0x0002E010	0x00000000

ole32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
OleUninitialize	-	0x00975064	0x005A3018	0x0002E018	0x00000000

oleaut32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetErrorInfo	-	0x0097506C	0x005A3020	0x0002E020	0x00000000

comctl32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
ImageList_SetIconSize	-	0x00975074	0x005A3028	0x0002E028	0x00000000

shell32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
ShellExecuteA	-	0x0097507C	0x005A3030	0x0002E030	0x00000000

shell32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SHGetSpecialFolderLocation	-	0x00975084	0x005A3038	0x0002E038	0x00000000

ntdll.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
RtlSetProcessIsCritical	-	0x0097508C	0x005A3040	0x0002E040	0x00000000

ntdll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
RtlAdjustPrivilege	-	0x00975094	0x005A3048	0x0002E048	0x00000000

kernel32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetSystemTimeAsFileTime	-	0x0097509C	0x005A3050	0x0002E050	0x00000000

kernel32.dll (6)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
HeapAlloc	-	0x009750A4	0x005A3058	0x0002E058	0x00000000
HeapFree	-	0x009750A8	0x005A305C	0x0002E05C	0x00000000
ExitProcess	-	0x009750AC	0x005A3060	0x0002E060	0x00000000
LoadLibraryA	-	0x009750B0	0x005A3064	0x0002E064	0x00000000
GetModuleHandleA	-	0x009750B4	0x005A3068	0x0002E068	0x00000000
GetProcAddress	-	0x009750B8	0x005A306C	0x0002E06C	0x00000000

Memory Dumps (26)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
winlocker.exe	1	0x00400000	0x01002FFF	Relevant Image	32-bit	0x00FBA8D0	... Actions Go to Process Download Dump
buffer	1	0x001E0000	0x001E0FFF	First Execution	32-bit	0x001E000F	... Actions Go to Process Download Dump
ntdll.dll	1	0x77860000	0x779DAFFF	Content Changed	32-bit	0x778D71A5	... Actions Go to Process Download Dump
buffer	1	0x001E0000	0x001E0FFF	Marked Executable	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x01120000	0x01120FFF	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x01120000	0x01120FFF	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x01130000	0x01130FFF	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x01130000	0x01130FFF	First Execution	32-bit	0x0113000F	... Actions Go to Process Download Dump
buffer	1	0x01140000	0x01140FFF	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x01140000	0x01140FFF	First Execution	32-bit	0x01140015	... Actions Go to Process Download Dump
buffer	1	0x01160000	0x01160FFF	Content Changed	32-bit	-	... Actions Go to Process Download Dump
user32.dll	1	0x776B0000	0x777F6FFF	First Execution	32-bit	0x7770CD00	... Actions Go to Process Download Dump
buffer	1	0x01160000	0x01160FFF	First Execution	32-bit	0x01160000	... Actions Go to Process Download Dump
buffer	1	0x01170000	0x01170FFF	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x01170000	0x01170FFF	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x02AA0000	0x02AA0FFF	Content Changed	32-bit	-	... Actions Go to Process Download Dump
kernelbase.dll	1	0x76E90000	0x7700DFFF	First Execution	32-bit	0x76F5E6B2	... Actions Go to Process Download Dump
kernelbase.dll	1	0x76E90000	0x7700DFFF	Content Changed	32-bit	0x76F8B28E	... Actions Go to Process Download Dump
buffer	1	0x02AA0000	0x02AA0FFF	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x02AB0000	0x02AB0FFF	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x02AB0000	0x02AB0FFF	Content Changed	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x02AE0000	0x02AE0FFF	First Execution	32-bit	0x02AE0FEF	... Actions Go to Process Download Dump
buffer	1	0x02AE0000	0x02AE0FFF	Content Changed	32-bit	0x02AE0FD5	... Actions Go to Process Download Dump
buffer	1	0x02AE0000	0x02AE0FFF	Content Changed	32-bit	0x02AE0E90	... Actions Go to Process Download Dump
buffer	1	0x02AE0000	0x02AE0FFF	Content Changed	32-bit	0x02AE0ED1	... Actions Go to Process Download Dump
buffer	1	0x02AE0000	0x02AE0FFF	Content Changed	32-bit	0x02AE0FEF	... Actions Go to Process Download Dump

C:\Users\RDhJ0CNFevzX\Desktop\Time2.ini

Dropped File

Text

MIME Type	text/plain
File Size	22 Bytes
MD5	fee92bdaf0097fdb6bf5f9a2df008540
SHA1	ef58e939783c4e2770c0d3612dfb037a9d39ef9c
SHA256	fcad8f6ad4c3884af067d18268da2b8f395d5b047481cac39cd21a1010ba0169
SSDeep	3:XTfy:DK
ImpHash	-

C:\Users\RDhJ0CNFevzX\Desktop\Time2.ini

Dropped File

Text

MIME Type	text/plain
File Size	22 Bytes
MD5	3b3556b05b0719e2fe6f077daa22f41c
SHA1	3f3837fece02f45eb1c5c6a50b2b068b6eeaea00
SHA256	efcdc621dcaa1d6ad566b8096491c2d6049a3c29d80192f28dbf8522814eaeb0
SSDeep	3:XTey:Dey
ImpHash	-

C:\Users\RDhJ0CNFevzX\Desktop\Time.ini

Dropped File

Text

MIME Type	text/plain
File Size	16 Bytes
MD5	eb13b7eaf7f30d348e471f0907b31aac
SHA1	9c01b179d68e813c25774c8963e6b08ec62176ae
SHA256	94ba214735774fb4e68be906c3e181d29c71dbbcd10540e70ba7021fcf5ea3aa
SSDeep	3:zPv:zX
ImpHash	-

C:\Users\RDhJ0CNFevzX\Desktop\Time.ini

Dropped File

Text

MIME Type	text/plain
File Size	16 Bytes
MD5	f32623a0e5635c90d19ec2d4c1826e2e
SHA1	f3331ec41ba5c8ca523ed12b25b4be24052ec7bd
SHA256	44fe474883ccf4551027ac2e00314dd510ae2833629a732482b8270010ce681b
SSDeep	3:ziv:ziv
ImpHash	-

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information