venus-ransomw[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

venus-ransomw.zip
Size

146KB
MD5

c4229b28874699ed7ad5e42b9312c8e4
SHA1

f2de1e67fc2a0f2b2c52be2ab052dd699c45dcee
SHA256

583f6f9b1e56c2d778707c9942bb179e4351b6a360c6d2ffb13f65775706aad5
SHA512

ce0ba6b25555808e66dcd9ce87060ebca25ba4ffbcf86b65625e362fd9dd91c35ad641f6e76384e8134d80f007910027133c83250b8b4fdb118777de761cd712
SSDEEP

3072:zrH6Di67nbVpAiSx2WrCQK3K07r83e/OceX6tQ3R21HKGgyx:3aDiKnaxGQKPrPepIq1S

Score

N/A

Malware Config

Signatures

Files

venus-ransomw.zip
.zip

Password: infected
6d8e2d8f6aeb0f4512a53fe83b2ef7699513ebaff31735675f46d1beea3a8e05.exe
.exe windows x86

bb2600e94092da119ee6acbbd047be43

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptStringToBinaryA

comctl32

ord17
InitCommonControlsEx

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum

kernel32

Process32FirstW
GetSystemInfo
GetVersionExW
GetModuleHandleA
lstrcpyA
GetProcAddress
ExitProcess
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetVolumeInformationW
GetVolumePathNameW
MulDiv
GetCommandLineW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetFileSize
QueryDosDeviceW
ReadFile
GetTempPathW
CreateMutexW
CreateProcessA
lstrcatA
IsWow64Process
GetModuleFileNameA
GetModuleFileNameW
SetVolumeMountPointW
Process32NextW
ResumeThread
WaitForMultipleObjects
GetComputerNameExW
lstrcmpiW
GetSystemTime
GetWindowsDirectoryW
lstrcatW
GetLastError
Sleep
GetCurrentThreadId
CreateFileW
lstrlenA
WriteFile
lstrlenW
lstrcpyW
CreateThread
GetLogicalDriveStringsW
GetDriveTypeW
GetDiskFreeSpaceW
lstrcmpW
GetProcessHeap
CloseHandle
HeapReAlloc
OpenProcess
Wow64DisableWow64FsRedirection
WaitForSingleObject
GetCurrentProcess
VirtualAlloc

user32

DefWindowProcW
GetWindowRect
GetDC
SetWindowPos
MessageBoxW
CreateWindowExW
SendMessageW
EndDialog
GetSystemMetrics
RegisterClassExW
wsprintfA
DispatchMessageW
SetTimer
RegisterHotKey
TranslateMessage
LoadCursorW
GetClientRect
GetDlgItem
PostQuitMessage
wsprintfW
DrawTextW
GetMessageW
ReleaseDC
SystemParametersInfoW
ShowWindow
LoadImageW

gdi32

CreateCompatibleBitmap
BitBlt
CreateFontW
DeleteDC
GetDeviceCaps
SetBkMode
SetTextColor
DeleteObject
GetTextExtentPoint32W
SelectObject
CreateCompatibleDC
CreateDIBSection
SetBkColor

advapi32

RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
SystemFunction036
RegQueryValueExW
RegQueryValueExA
RegCloseKey
AllocateAndInitializeSid

shell32

SHGetPathFromIDListW
CommandLineToArgvW
ShellExecuteExW
SHBrowseForFolderW
SHEmptyRecycleBinW

ws2_32

ntohl
inet_ntoa
setsockopt
socket
gethostbyname
WSAStartup
inet_addr
htons
bind
WSACleanup
sendto

iphlpapi

SendARP
GetAdaptersAddresses

netapi32

NetApiBufferFree
NetShareEnum

Sections

.flat
Size: 512B - Virtual size: 333B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

bb2600e94092da119ee6acbbd047be43

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

comctl32

mpr

kernel32

user32

gdi32

advapi32

shell32

ws2_32

iphlpapi

netapi32

Sections

.flat Size: 512B - Virtual size: 333B

.text Size: 93KB - Virtual size: 93KB

.rdata Size: 47KB - Virtual size: 46KB

.data Size: 83KB - Virtual size: 91KB

.rsrc Size: 512B - Virtual size: 488B

.flat
Size: 512B - Virtual size: 333B

.text
Size: 93KB - Virtual size: 93KB

.rdata
Size: 47KB - Virtual size: 46KB

.data
Size: 83KB - Virtual size: 91KB

.rsrc
Size: 512B - Virtual size: 488B