Trojan-Ransom[.]Win32[.]Blocker[.]doet-cf81c03bfeea207c99c033f897fc61b775619f4fb2e0f4bced66b8705b51ce04 | Triage

Submit
Reports

Overview

overview

6

Static

static

Trojan-Ran...er.exe

windows7-x64

Trojan-Ran...er.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

Trojan-Ransom.Win32.Blocker.exe

Resource

win7-20220812-en

bootkit persistence

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

Trojan-Ransom.Win32.Blocker.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

General

Target

Trojan-Ransom.Win32.Blocker.doet-cf81c03bfeea207c99c033f897fc61b775619f4fb2e0f4bced66b8705b51ce04
Size

547KB
MD5

a7d03f21c6a80e9e3f53a41eca6572aa
SHA1

d8c65a654d80add50e9eec58fcbf398c40206521
SHA256

cf81c03bfeea207c99c033f897fc61b775619f4fb2e0f4bced66b8705b51ce04
SHA512

bd1e670ef34eea4baf1e55e83241901531ae049d7d78414cfa079cf4c37184cc55a5a6ffee5bdc379e5b05f917e02d770a83295d32b8cb12c172c7c875d7b2a9
SSDEEP

12288:Gbw+HkbSV2KrvEp70lcNzk/noyB3cat9Qhyk0InTeokPXVx0iKbWd/:GbwskbA2PpLNwVBHu3bnTfaVyc

Score

N/A

Malware Config

Signatures

Files

Trojan-Ransom.Win32.Blocker.doet-cf81c03bfeea207c99c033f897fc61b775619f4fb2e0f4bced66b8705b51ce04
.exe windows x86

8ace9a09da8d1e3bbc2814a3712e2e4c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
strlen
strcpy
strcat
sprintf
_stricmp
memmove
floor
ceil
_CIasin
strncpy
localtime
mktime
memcpy

kernel32

GetModuleHandleA
HeapCreate
CreateThread
HeapDestroy
ExitProcess
GetCommandLineA
GetCurrentProcess
CloseHandle
CreateFileA
SetFilePointer
SetEndOfFile
HeapAlloc
WriteFile
HeapFree
WideCharToMultiByte
Sleep
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
GetLocalTime
HeapReAlloc
ReadFile

wsock32

closesocket
WSACleanup
WSAStartup

winmm

timeBeginPeriod
timeEndPeriod

Sections

.code
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy