makop | f4e2bab6cb056c8e644e4b8d4dac7cbf2b972d763f396a475e9fb539438de839[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

f4e2bab6cb056c8e644e4b8d4dac7cbf2b972d763f396a475e9fb539438de839.zip
Size

28KB
MD5

64e91532b95cc75c4c1dc2fb9a86bdbb
SHA1

f99b61a453870a60856d2f6ec6e445166912e730
SHA256

289c0f0f4ccee755aaf90a6037743d73d3da2cebc34366679ccc841d5eb5ed58
SHA512

da81fb12f6d88b3f07e045f0fd23eb11b9e08c7e06f554c210c4b4089ebcdeb2aae3c98e681a3a044516001ae4cd13edcc9b23af2122f61812c64ba06d9dfb56
SSDEEP

768:hd3hAMeZAA8jgtmqdaVfvFC0yBaE6ZzzD5OUGbHuenfC:hd3sZf8sQUaVfkjBaE6tDEUGQ

Score

10^/10

makop

Malware Config

Signatures

MAKOP ransomware payload 1 IoCs

resource	yara_rule
static1/unpack001/f4e2bab6cb056c8e644e4b8d4dac7cbf2b972d763f396a475e9fb539438de839.exe	family_makop

Makop family
makop

Files

f4e2bab6cb056c8e644e4b8d4dac7cbf2b972d763f396a475e9fb539438de839.zip
.zip

Password: infected
f4e2bab6cb056c8e644e4b8d4dac7cbf2b972d763f396a475e9fb539438de839.exe
.exe windows x86

364f4eb85abb3fe033aa9cfae7ac6b24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW

kernel32

ReadFile
CreateFileW
GetFileSizeEx
MoveFileW
SetFileAttributesW
HeapAlloc
GetCurrentProcess
HeapFree
GetProcessHeap
GetVersion
GetProcAddress
LoadLibraryA
GetCurrentProcessId
OpenProcess
SetFilePointerEx
GetModuleHandleA
DuplicateHandle
ExitProcess
GetEnvironmentVariableW
CreateProcessW
CreatePipe
LocalFree
GetCommandLineW
Process32NextW
CreateMutexA
CreateToolhelp32Snapshot
GetLocaleInfoW
GetModuleFileNameW
Process32FirstW
GetSystemWindowsDirectoryW
SetHandleInformation
GetTempPathW
GetTempFileNameW
CreateDirectoryW
WriteFile
Sleep
FindClose
GetLastError
GetFileAttributesW
GetLogicalDrives
WaitForSingleObject
CreateThread
GetVolumeInformationW
SetErrorMode
FindNextFileW
GetDriveTypeW
WaitForMultipleObjects
FindFirstFileW
TerminateProcess
DeleteCriticalSection
GetExitCodeProcess
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
CloseHandle
GetFileType
PeekNamedPipe

user32

wsprintfA
GetShellWindow
wsprintfW
GetWindowThreadProcessId
ReleaseDC
SystemParametersInfoW
DrawTextA
GetDC

gdi32

CreateFontW
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
SetBkMode
DeleteDC
SetTextColor
GetObjectW
GetDeviceCaps
GetDIBits

advapi32

CryptGenRandom
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
DuplicateTokenEx
OpenProcessToken
SetTokenInformation
GetTokenInformation
CryptDecrypt
CryptDestroyKey
CryptAcquireContextW
CryptSetKeyParam
CryptReleaseContext
CryptImportKey
CryptEncrypt

shell32

ord680
CommandLineToArgvW
SHGetSpecialFolderPathW

msimg32

GradientFill

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

364f4eb85abb3fe033aa9cfae7ac6b24

Headers

DLL Characteristics

File Characteristics

Imports

mpr

kernel32

user32

gdi32

advapi32

shell32

msimg32

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: - Virtual size: 72KB

.ndata Size: 11KB - Virtual size: 10KB

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: - Virtual size: 72KB

.ndata
Size: 11KB - Virtual size: 10KB