Extracted

Extracted

• • Target

    DCryptSoft.bin

  • Size

    106KB

  • MD5

    8ba537f8d00a73d6cc1cc5dffa566ed1

  • SHA1

    08419f52af8acc1bdac239bd65f64414597a8d96

  • SHA256

    aac2024789ffd2bfce97d6a509136ecf7c43b18c2a83280b596e62d988cedb10

  • SHA512

    7bc28f475d504e945d690ad998987d4184269dac8f7470842f356a50f9ff59dd1595b6cf87b2015844d7c3cf84e39f989a648700d28561251dc59428177a14f7

  Score

  10^/10

  ransomwarepersistencespyware

  • Registers COM server for autorun

    persistence

  • Modifies Installed Components in the registry

    persistence

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Drops startup file

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware

  • Drops desktop.ini file(s)

  • Enumerates connected drives

  • JavaScript code in executable

  • Modifies service

    persistence
  behavioral1behavioral2