ransomito[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ransomito.exe
Size

2.1MB
MD5

f48a1057059028a65f2ec37e90d4deec
SHA1

ca8c5636aa98948c3b25153188b98967cc65a42b
SHA256

efb0f928648e6988c29bb03bb6b14f2760870f3040f0195ca1c6ad8ac5fa2dee
SHA512

57d62b07741effba928c92d39b5bd2dfc9c341b237ab1f83ba33e9cdba079a14bec1bbf63333b18f964e982bc510f615314f4426c258538e5be80f0a36c2b0a2
SSDEEP

49152:t5L1XVcPYu8kgVwGv5rsa/uCPJnwC9GG5YbtRqRs:t5L4Yu8kVGhrsaG2nw

Score

N/A

Malware Config

Signatures

Files

ransomito.exe
.exe windows x86

ea8efe958d7a465d533da661db2a26b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
GetTimeZoneInformation
ReadFile
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapSize
WriteConsoleW
GetConsoleWindow
GetCommandLineA
GetModuleFileNameA
GetCurrentDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
CloseHandle
GetLastError
MoveFileExW
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
RaiseException
WaitForSingleObjectEx
Sleep
SwitchToThread
GetCurrentThreadId
GetExitCodeThread
LocalFree
FormatMessageA
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
QueryPerformanceCounter
QueryPerformanceFrequency
InitOnceBeginInitialize
InitOnceComplete
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
LCMapStringEx
EncodePointer
DecodePointer
CompareStringEx
GetCPInfo
GetStringTypeW
SetLastError
GetSystemTime
SystemTimeToFileTime
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
GetModuleHandleExW
FindFirstFileW
GetStdHandle
GetEnvironmentVariableW
GetFileType
WriteFile
ConvertFiberToThread
ConvertThreadToFiber
GetCurrentProcessId
FreeLibrary
LoadLibraryA
LoadLibraryW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
SetEvent
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
SetConsoleCtrlHandler
GetModuleFileNameW
GetFileSizeEx
HeapAlloc
FlushFileBuffers
GetConsoleOutputCP
HeapFree

user32

MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
ShowWindow

advapi32

RegSetValueExA
RegCloseKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegCreateKeyExA

ws2_32

select
shutdown
WSASocketW
inet_pton
getaddrinfo
WSAStartup
getpeername
send
__WSAFDIsSet
ntohs
connect
recv
freeaddrinfo
ioctlsocket
getnameinfo
setsockopt
WSAGetLastError
WSACleanup
closesocket
socket
getsockopt
WSASetLastError

crypt32

CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
CertFreeCertificateContext

bcrypt

BCryptGenRandom

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 468KB - Virtual size: 468KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea8efe958d7a465d533da661db2a26b6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

crypt32

bcrypt

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 468KB - Virtual size: 468KB

.data Size: 30KB - Virtual size: 45KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 64KB - Virtual size: 63KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 468KB - Virtual size: 468KB

.data
Size: 30KB - Virtual size: 45KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 64KB - Virtual size: 63KB