gandcrab | 35cceac6180bfc5ae3489bfec867256d504d1c287a069cfaf6e7f493ffeb1624 | Triage

Sharing

General

Target

35cceac6180bfc5ae3489bfec867256d504d1c287a069cfaf6e7f493ffeb1624
Size

69KB
MD5

c6fb5ab46201be7b305064894d375bd3
SHA1

fb57829e9988e72a9ccbe0cf1cc62fd3317c02f7
SHA256

35cceac6180bfc5ae3489bfec867256d504d1c287a069cfaf6e7f493ffeb1624
SHA512

6cfee532d1d6e71225364828c1c81c5e75aedbf6850b70e82f6969b13ecb190938748099ddf3427e9cd16e095cfd57dccbee7eea8650cf2e34e25338d7f3707c
SSDEEP

1536:pZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAmMqqU+2bbbAV2/S2Lccu:VBounVyFHjMqqDL2/Lcc

Score

10^/10

gandcrab

Malware Config

Signatures

GandCrab Payload 1 IoCs

Processes:

resource yara_rule

sample family_gandcrab
Gandcrab family
gandcrab

Files

35cceac6180bfc5ae3489bfec867256d504d1c287a069cfaf6e7f493ffeb1624
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

_ReflectiveLoader@0

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ