Trojan-Ransom[.]Win32[.]Blocker[.]ilyy-df983ef390580226158f9777441564504c6321d83d93751ee9e1e441f3bce8d2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Trojan-Ransom.Win32.Blocker.ilyy-df983ef390580226158f9777441564504c6321d83d93751ee9e1e441f3bce8d2
Size

334KB
MD5

5c8a8bfd37ab70b33430ec818c3dfce1
SHA1

193efd1baa0340310b5e6259a48c4e3f17718a17
SHA256

df983ef390580226158f9777441564504c6321d83d93751ee9e1e441f3bce8d2
SHA512

54c5aa64075740d2454d77d24ed1a39b2bb18c3b622ac5e266fe4d683a4bceb5c3d987b120daf14a5da4ad1a7fd305ea6fee5a61f0bbd6acb524a018e32282aa
SSDEEP

3072:IF3md7bSIuAl82DDjUFI3jTqjvvZvZw9u1NPQMmUkqQhgWN9Ja+UNVyKb95g7I9M:IUd7b1uAFDHfqThmePlMC+mRb9Mjdwg

Score

N/A

Malware Config

Signatures

Files

Trojan-Ransom.Win32.Blocker.ilyy-df983ef390580226158f9777441564504c6321d83d93751ee9e1e441f3bce8d2
.exe windows x86

c9c55decb4c3a9495e395e173c5788a2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlMoveMemory

msvbvm60

MethCallEngine
ord516
ord598
ord631
EVENT_SINK_AddRef
ord527
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord606
ord717
ProcCallEngine
ord537
ord644
ord572
ord100
ord616
ord618
ord581

Sections

.text
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE