mimic | 08f8ae7f25949a742c7896cb76e37fb88c6a7a32398693ec6c2b3d9b488114be[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

08f8ae7f25949a742c7896cb76e37fb88c6a7a32398693ec6c2b3d9b488114be.exe
Size

2.6MB
MD5

db21ed7d19149a615d7432aca9c8f6ca
SHA1

4137739d48996b0d9efd7bfbb5db50219ac4aeb0
SHA256

08f8ae7f25949a742c7896cb76e37fb88c6a7a32398693ec6c2b3d9b488114be
SHA512

10c594dd293035a76bbff1d60cb95e7e0ae48f24f40e4494c941f041c5f0a4ff7d39969891bca2e4c86f1de037a6254d66bb7b8cf67d5747f8ab61ba56fd4200
SSDEEP

49152:s8qq+8I1QqOcsVfuJFfMmqtP1QHPwy+JOf+ZXJo2iHgqS:s8qHH4yF0mqc5f+ZWHgqS

Score

10^/10

mimic

Malware Config

Signatures

Detects Mimic ransomware 1 IoCs

resource	yara_rule
sample	family_mimic

Mimic family
mimic

Files

08f8ae7f25949a742c7896cb76e37fb88c6a7a32398693ec6c2b3d9b488114be.exe
.exe windows x86

48a78037b4f23e1c89d5cf9d56d095b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileW
TerminateProcess
RemoveDirectoryW
FindClose
CreateMutexA
GetVersionExW
K32GetProcessImageFileNameW
UnmapViewOfFile
DuplicateHandle
CreateToolhelp32Snapshot
GetExitCodeThread
Process32NextW
Process32FirstW
GetNativeSystemInfo
LoadLibraryW
Module32FirstW
GetWindowsDirectoryW
GetProcAddress
CreateProcessW
GetModuleHandleW
WideCharToMultiByte
CreateRemoteThread
Module32NextW
K32GetMappedFileNameW
CreateFileMappingW
MapViewOfFile
GetTickCount
lstrcmpW
IsWow64Process
VirtualQueryEx
GetComputerNameExW
GlobalMemoryStatusEx
WaitForMultipleObjects
SetEvent
CreateEventA
ReadProcessMemory
GetStdHandle
GetEnvironmentVariableW
GetFileType
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
QueryPerformanceCounter
GetSystemTimeAsFileTime
FormatMessageW
DeleteFiber
ConvertFiberToThread
FreeLibrary
LoadLibraryA
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
WriteConsoleW
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
QueryDosDeviceW
GetSystemWindowsDirectoryW
LocalFree
GetCurrentThread
LocalAlloc
SetProcessShutdownParameters
GetCurrentProcess
CreateTimerQueue
CreateIoCompletionPort
lstrcpyW
lstrcatW
PostQueuedCompletionStatus
ExitThread
GetQueuedCompletionStatus
DeleteTimerQueue
CreateTimerQueueTimer
CancelIo
GetProcessHeap
HeapAlloc
SetPriorityClass
GetCurrentProcessId
SetCurrentDirectoryW
CreateThread
Wow64RevertWow64FsRedirection
Sleep
OpenProcess
WaitForSingleObject
Wow64DisableWow64FsRedirection
GetCommandLineW
DeleteCriticalSection
GetLocalTime
SetFilePointer
WriteFile
SetFileAttributesW
GetFileAttributesW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetFileTime
GetDriveTypeW
FindNextVolumeW
GetSystemTime
GetVolumePathNamesForVolumeNameW
IsValidCodePage
GetTimeZoneInformation
HeapReAlloc
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleOutputCP
FlushFileBuffers
SetEnvironmentVariableW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
SetConsoleCtrlHandler
ExitProcess
RaiseException
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
CopyFileW
SystemTimeToFileTime
FindVolumeClose
SetVolumeMountPointW
GetDiskFreeSpaceExW
GetLastError
SetFileTime
DeviceIoControl
ReleaseSemaphore
VirtualFree
VirtualProtect
VirtualAlloc
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
HeapFree
FindFirstFileW
GetLocaleInfoW
LCMapStringW
CompareStringW
DecodePointer
EncodePointer
SwitchToThread
CreateEventW
TryEnterCriticalSection
SetFilePointerEx
SetEndOfFile
MoveFileExW
lstrlenW
FindFirstVolumeW
GetLogicalDrives
GetVolumeInformationW
CreateDirectoryW
lstrcmpiW
CloseHandle
MultiByteToWideChar
CreateFileW
GetFileSizeEx
ReadFile
GetModuleFileNameW
DeleteFileW
AreFileApisANSI
GetStringTypeW
QueryPerformanceFrequency
GetCurrentDirectoryW
FindFirstFileExW
GetFileInformationByHandle
GetFullPathNameW

user32

wsprintfW
GetProcessWindowStation
GetUserObjectInformationW
wvsprintfW
MessageBoxW

advapi32

GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
SetSecurityInfo
InitializeAcl
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
LookupPrivilegeNameW
RegCloseKey
GetSecurityDescriptorDacl
AdjustTokenPrivileges
GetSecurityDescriptorSacl
LookupPrivilegeValueW
QueryServiceStatusEx
OpenServiceW
RegDeleteValueW
ChangeServiceConfigW
EnumDependentServicesW
ControlService
OpenSCManagerW
CloseServiceHandle
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegGetValueW
EqualSid
CreateWellKnownSid
GetUserNameW
LookupAccountSidW
OpenThreadToken

shell32

CommandLineToArgvW
SHEmptyRecycleBinW

ole32

CoInitializeSecurity
CoGetObject
CoSetProxyBlanket
CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

shlwapi

PathStripPathW
PathGetArgsW
PathFindExtensionW
StrStrW
StrStrIW
PathRemoveFileSpecW
StrStrIA
PathFileExistsW
PathRemoveExtensionW

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

ws2_32

setsockopt
WSAGetLastError
inet_ntop
getsockopt
gethostname
inet_ntoa
WSAAddressToStringW
WSAStartup
WSASocketW
shutdown
gethostbyname
closesocket
WSAIoctl
bind
WSACleanup
recv
send
WSASetLastError
htons
socket

iphlpapi

GetIpNetTable

netapi32

NetApiBufferFree
NetShareEnum

mpr

WNetEnumResourceW
WNetOpenEnumW
WNetCloseEnum

everything32

Everything_DeleteRunHistory
Everything_GetResultSize
Everything_GetResultFullPathNameW
Everything_QueryW
Everything_GetLastError
Everything_CleanUp
Everything_Exit
Everything_SetRequestFlags
Everything_IsDBLoaded
Everything_GetNumResults
Everything_RebuildDB
Everything_SetSearchW

bcrypt

BCryptGenRandom

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 454KB - Virtual size: 453KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

48a78037b4f23e1c89d5cf9d56d095b3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

crypt32

ws2_32

iphlpapi

netapi32

mpr

everything32

bcrypt

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 454KB - Virtual size: 453KB

.data Size: 13KB - Virtual size: 31KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 64KB - Virtual size: 64KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 454KB - Virtual size: 453KB

.data
Size: 13KB - Virtual size: 31KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 64KB - Virtual size: 64KB