venus | 38d8f55b3a4b6871b5e62fdc73c504d6[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

38d8f55b3a4b6871b5e62fdc73c504d6.bin
Size

225KB
MD5

38d8f55b3a4b6871b5e62fdc73c504d6
SHA1

102b8625e5662c89efe4547dc2cb173be8b08851
SHA256

8045ad5cda6c42e5669cf52e492c004d842c7ae6f8a09522134834d0f57347eb
SHA512

97c8f11f1bd28ecacddf3606b507dbeb0ab85a56c788e99160ef77c9757f92fd1e4920b24ad077de8763939da77d2bd71089512787dda0fd0e804d47c0cbbecb
SSDEEP

6144:gUhJmXLQwAhgEkJ8kdV50DErPMxgTw7ozFD254W:gUneLQwAE8VDtGcopfW

Score

10^/10

venus

Malware Config

Signatures

Venus Ransomware 1 IoCs

resource	yara_rule
sample	family_venus

Venus family
venus

Files

38d8f55b3a4b6871b5e62fdc73c504d6.bin
.exe windows x86

bb2600e94092da119ee6acbbd047be43

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptStringToBinaryA

comctl32

ord17
InitCommonControlsEx

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum

kernel32

Process32FirstW
GetSystemInfo
GetVersionExW
GetModuleHandleA
lstrcpyA
GetProcAddress
ExitProcess
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetVolumeInformationW
GetVolumePathNameW
MulDiv
GetCommandLineW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetFileSize
QueryDosDeviceW
ReadFile
GetTempPathW
CreateMutexW
CreateProcessA
lstrcatA
IsWow64Process
GetModuleFileNameA
GetModuleFileNameW
SetVolumeMountPointW
Process32NextW
ResumeThread
WaitForMultipleObjects
GetComputerNameExW
lstrcmpiW
GetSystemTime
GetWindowsDirectoryW
lstrcatW
GetLastError
Sleep
GetCurrentThreadId
CreateFileW
lstrlenA
WriteFile
lstrlenW
lstrcpyW
CreateThread
GetLogicalDriveStringsW
GetDriveTypeW
GetDiskFreeSpaceW
lstrcmpW
GetProcessHeap
CloseHandle
HeapReAlloc
OpenProcess
Wow64DisableWow64FsRedirection
WaitForSingleObject
GetCurrentProcess
VirtualAlloc

user32

DefWindowProcW
GetWindowRect
GetDC
SetWindowPos
MessageBoxW
CreateWindowExW
SendMessageW
EndDialog
GetSystemMetrics
RegisterClassExW
wsprintfA
DispatchMessageW
SetTimer
RegisterHotKey
TranslateMessage
LoadCursorW
GetClientRect
GetDlgItem
PostQuitMessage
wsprintfW
DrawTextW
GetMessageW
ReleaseDC
SystemParametersInfoW
ShowWindow
LoadImageW

gdi32

CreateCompatibleBitmap
BitBlt
CreateFontW
DeleteDC
GetDeviceCaps
SetBkMode
SetTextColor
DeleteObject
GetTextExtentPoint32W
SelectObject
CreateCompatibleDC
CreateDIBSection
SetBkColor

advapi32

RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
SystemFunction036
RegQueryValueExW
RegQueryValueExA
RegCloseKey
AllocateAndInitializeSid

shell32

SHGetPathFromIDListW
CommandLineToArgvW
ShellExecuteExW
SHBrowseForFolderW
SHEmptyRecycleBinW

ws2_32

ntohl
inet_ntoa
setsockopt
socket
gethostbyname
WSAStartup
inet_addr
htons
bind
WSACleanup
sendto

iphlpapi

SendARP
GetAdaptersAddresses

netapi32

NetApiBufferFree
NetShareEnum

Sections

.flat
Size: 512B - Virtual size: 333B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb2600e94092da119ee6acbbd047be43

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

comctl32

mpr

kernel32

user32

gdi32

advapi32

shell32

ws2_32

iphlpapi

netapi32

Sections

.flat Size: 512B - Virtual size: 333B

.text Size: 93KB - Virtual size: 93KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 83KB - Virtual size: 91KB

.rsrc Size: 512B - Virtual size: 488B

.flat
Size: 512B - Virtual size: 333B

.text
Size: 93KB - Virtual size: 93KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 83KB - Virtual size: 91KB

.rsrc
Size: 512B - Virtual size: 488B