Trojan-Ransom[.]Win32[.]Blocker[.]heoy-ab32b476acfb95c391e312dc3c4ea6d042515713e05c3d132906a59313a48285 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Trojan-Ransom.Win32.Blocker.heoy-ab32b476acfb95c391e312dc3c4ea6d042515713e05c3d132906a59313a48285
Size

340KB
MD5

70407dc747741b80b6caf73ddc06ec7e
SHA1

fa3a23676e569857abfdcbd64513a0fd58db204d
SHA256

ab32b476acfb95c391e312dc3c4ea6d042515713e05c3d132906a59313a48285
SHA512

d92429f566450d134cab8aedbba791685ca994bfdce1eeb2ff2c3f2418d384991c2a2f3b6086b47b72577cc17efc902cb898e959cb9247843ee3307a4ad4adbb
SSDEEP

6144:fBZPbEkTLCBTvUgldtu34dKXqKjIdoCXdaONE5FhdPrEv:fBZbEkTLCBTvUgldtu34dKXqZ5XdaaE

Score

N/A

Malware Config

Signatures

Files

Trojan-Ransom.Win32.Blocker.heoy-ab32b476acfb95c391e312dc3c4ea6d042515713e05c3d132906a59313a48285
.exe windows x86

cad9d7a1e55dc4edd87135d205fee319

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlMoveMemory

msvbvm60

MethCallEngine
ord516
ord631
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord606
ProcCallEngine
ord537
ord644
ord100
ord616
ord581

Sections

.text
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE