Static task
static1
General
-
Target
ransomware coi.zip
-
Size
1.2MB
-
MD5
ac3e69ef43b73040c9cb003881327f0b
-
SHA1
b256896395a1344795490ce6e04a344cbab5ddf6
-
SHA256
d0969db8e37213c4b5b78a73884ed6548a0f9e6eedfafc9ad33d2af0aa7490ca
-
SHA512
1e834177a6e67141a490a34bd11b37c96f8e7c6d589399e7bbfba9660b01551382d4410f8b2d33c791efc41202d933e426be85ef2e5470d6f071dda1692c4d97
-
SSDEEP
24576:5LCzZi5fvaspwFdGjW3Z28WCN02RshCT0KwtkgN7pYj6IYhb8FN/S9I:5Lj5fi/OW3Z+CNJWPtkiJhb8Km
Malware Config
Signatures
Files
-
ransomware coi.zip.zip
Password: infected
-
4f1600295371e629aea746047ceab3a644f978023e11154dec9ad872597d9d7c.rar.rar
-
conti_v3/Debug/cryptor.exe.exe windows x86
c6208cb6d0e38585b1658a3b2dadd67d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
GetLocalTime
CreateFileW
DecodePointer
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleCP
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
FreeLibrary
GetProcAddress
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
GetModuleFileNameW
LoadLibraryExW
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
EncodePointer
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetCurrentThread
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetConsoleCtrlHandler
OutputDebugStringW
SetStdHandle
GetStringTypeW
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
WriteConsoleW
user32
wsprintfW
ws2_32
htons
WSAGetLastError
Sections
.textbss Size: - Virtual size: 385KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 844KB - Virtual size: 843KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 57KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.msvcjmc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 260B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
conti_v3/Debug/cryptor_dll.dll.dll windows x86
706ab2e244e6de4b94853833af6e4d68
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
GetLocalTime
CreateThread
FreeLibraryAndExitThread
lstrcpyW
lstrlenW
VirtualAlloc
CreateFileW
OutputDebugStringW
DecodePointer
ReadConsoleW
ReadFile
GetConsoleMode
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
FreeLibrary
GetProcAddress
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
GetModuleFileNameW
LoadLibraryExW
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
EncodePointer
ExitProcess
GetModuleHandleExW
GetCurrentThread
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetConsoleCtrlHandler
GetFileSizeEx
SetFilePointerEx
GetStringTypeW
SetStdHandle
HeapSize
HeapReAlloc
FlushFileBuffers
WriteFile
GetConsoleCP
WriteConsoleW
user32
wsprintfW
ws2_32
htons
WSAGetLastError
Sections
.textbss Size: - Virtual size: 384KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 842KB - Virtual size: 841KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.msvcjmc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 260B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
conti_v3/Debug/decryptor.exe.exe windows x86
705d81ff5014b90fe913b97e6c852c70
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
GetLastError
lstrcpynW
lstrlenW
MoveFileW
GetLogicalDriveStringsW
FindClose
FindFirstFileW
FindNextFileW
Sleep
lstrcmpW
lstrlenA
GetNativeSystemInfo
HeapAlloc
HeapFree
GetProcessHeap
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CancelIo
InitializeCriticalSection
WriteFile
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
CreateThread
ExitThread
CreateTimerQueue
CreateTimerQueueTimer
GlobalAlloc
GlobalFree
lstrcpyW
lstrcatW
DeleteTimerQueue
WaitForMultipleObjects
VirtualAlloc
FreeLibrary
SetFilePointerEx
SetEndOfFile
ReadFile
GetFileSizeEx
VirtualQuery
GetModuleHandleW
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
EnterCriticalSection
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
RaiseException
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
GetProcAddress
advapi32
CryptAcquireContextA
CryptImportKey
CryptDecrypt
msvcp140d
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Xlength_error@std@@YAXPBD@Z
shlwapi
StrStrIA
StrStrIW
iphlpapi
GetIpNetTable
netapi32
NetShareEnum
NetApiBufferFree
ws2_32
socket
WSAAddressToStringW
WSASocketW
gethostbyname
WSAGetLastError
WSACleanup
WSAStartup
gethostname
WSAIoctl
bind
closesocket
getsockopt
htons
inet_ntoa
setsockopt
shutdown
vcruntime140d
memmove
__CxxFrameHandler3
memcmp
memcpy
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list
_except_handler4_common
__vcrt_GetModuleFileNameW
__std_exception_copy
__vcrt_LoadLibraryExW
memset
__vcrt_GetModuleHandleW
ucrtbased
__p___argc
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
strcpy_s
strcat_s
__stdio_common_vsprintf_s
_free_dbg
_seh_filter_dll
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_controlfp_s
terminate
_wmakepath_s
_wsplitpath_s
wcscpy_s
_invalid_parameter
_set_fmode
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
__setusermatherr
_set_app_type
_seh_filter_exe
_callnewh
_CrtDbgReportW
_CrtDbgReport
malloc
free
wcslen
__p___argv
Sections
.textbss Size: - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 112KB - Virtual size: 112KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.msvcjmc Size: 1024B - Virtual size: 893B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 260B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
conti_v3/Release/decryptor.exe.exe windows x86
b35a82969cb8814737873652d66aa56b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateFileW
GetLastError
CloseHandle
SetFilePointerEx
MoveFileW
GetLogicalDriveStringsW
FindFirstFileW
FindNextFileW
FindClose
Sleep
lstrcmpW
GetNativeSystemInfo
HeapFree
HeapAlloc
GetProcessHeap
CancelIo
CreateTimerQueueTimer
EnterCriticalSection
SetEndOfFile
LeaveCriticalSection
InitializeCriticalSection
GetQueuedCompletionStatus
WaitForSingleObject
ExitThread
PostQueuedCompletionStatus
lstrcatW
GlobalAlloc
GlobalFree
CreateThread
DeleteCriticalSection
lstrcpyW
CreateIoCompletionPort
CreateTimerQueue
VirtualAlloc
WaitForMultipleObjects
WriteConsoleW
lstrcpynW
WriteFile
lstrlenW
GetFileSizeEx
GetConsoleMode
GetConsoleCP
DeleteTimerQueue
ReadFile
FlushFileBuffers
HeapReAlloc
HeapSize
LCMapStringW
CompareStringW
GetStringTypeW
GetFileType
SetStdHandle
SetEnvironmentVariableW
DecodePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
advapi32
CryptImportKey
CryptAcquireContextA
CryptDecrypt
shlwapi
StrStrIA
StrStrIW
iphlpapi
GetIpNetTable
netapi32
NetShareEnum
NetApiBufferFree
ws2_32
WSAStartup
socket
WSAAddressToStringW
inet_ntoa
shutdown
WSAIoctl
htons
setsockopt
WSAGetLastError
gethostbyname
closesocket
bind
WSASocketW
WSACleanup
gethostname
getsockopt
Sections
.text Size: 65KB - Virtual size: 65KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
conti_v3/Release/locker.exe.exe windows x86
5036747c069c42a5e12c38d94db67fad
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
GetLocalTime
WriteConsoleW
CreateFileW
SetFilePointerEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileType
LCMapStringW
GetProcessHeap
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
DecodePointer
user32
wsprintfW
ws2_32
WSAGetLastError
htons
Sections
.text Size: 173KB - Virtual size: 173KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
conti_v3/Release/locker_x86.dll.dll windows x86
bef752859e3faeb3590ad643f6ed8e9c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
GetLocalTime
lstrlenW
FreeLibraryAndExitThread
CreateThread
lstrcpyW
WriteConsoleW
CreateFileW
SetFilePointerEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetFileType
LCMapStringW
GetProcessHeap
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
DecodePointer
user32
wsprintfW
ws2_32
WSAGetLastError
htons
Sections
.text Size: 172KB - Virtual size: 172KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
conti_v3/conti_v3.sln
-
conti_v3/cryptor/antihooks/antihooks.cpp
-
conti_v3/cryptor/antihooks/antihooks.h
-
conti_v3/cryptor/api/getapi.cpp
-
conti_v3/cryptor/api/getapi.h
-
conti_v3/cryptor/api/hash.cpp
-
conti_v3/cryptor/api/hash.h
-
conti_v3/cryptor/chacha20/CONTI.txt
-
conti_v3/cryptor/chacha20/R3ADM3.txt
-
conti_v3/cryptor/chacha20/chacha.c
-
conti_v3/cryptor/chacha20/chacha.h
-
conti_v3/cryptor/chacha20/ecrypt-config.h
-
conti_v3/cryptor/chacha20/ecrypt-machine.h
-
conti_v3/cryptor/chacha20/ecrypt-portable.h
-
conti_v3/cryptor/chacha20/ecrypt-sync.h
-
conti_v3/cryptor/common.h
-
conti_v3/cryptor/cryptor.cpp
-
conti_v3/cryptor/cryptor.h
-
conti_v3/cryptor/cryptor.vcxproj.xml
-
conti_v3/cryptor/cryptor.vcxproj.filters
-
conti_v3/cryptor/cryptor.vcxproj.user
-
conti_v3/cryptor/filesystem/disks.cpp
-
conti_v3/cryptor/filesystem/filesystem.h
-
conti_v3/cryptor/filesystem/search.cpp
-
conti_v3/cryptor/global/global_parameters.cpp
-
conti_v3/cryptor/global/global_parameters.h
-
conti_v3/cryptor/logs/logs.cpp
-
conti_v3/cryptor/logs/logs.h
-
conti_v3/cryptor/main.cpp
-
conti_v3/cryptor/memory.cpp
-
conti_v3/cryptor/memory.h
-
conti_v3/cryptor/mrph.h
-
conti_v3/cryptor/network_scanner/network_scanner.cpp
-
conti_v3/cryptor/network_scanner/network_scanner.h
-
conti_v3/cryptor/obfuscation/MetaRandom2.h
-
conti_v3/cryptor/obfuscation/MetaString.h
-
conti_v3/cryptor/prockiller/prockiller.cpp
-
conti_v3/cryptor/prockiller/prockiller.h
-
conti_v3/cryptor/queue.h
-
conti_v3/cryptor/threadpool/threadpool.cpp
-
conti_v3/cryptor/threadpool/threadpool.h
-
conti_v3/cryptor_dll/antihooks/antihooks.cpp
-
conti_v3/cryptor_dll/antihooks/antihooks.h
-
conti_v3/cryptor_dll/api/getapi.cpp
-
conti_v3/cryptor_dll/api/getapi.h
-
conti_v3/cryptor_dll/api/hash.cpp
-
conti_v3/cryptor_dll/api/hash.h
-
conti_v3/cryptor_dll/chacha20/CONTI.txt
-
conti_v3/cryptor_dll/chacha20/R3ADM3.txt
-
conti_v3/cryptor_dll/chacha20/chacha.c
-
conti_v3/cryptor_dll/chacha20/chacha.h
-
conti_v3/cryptor_dll/chacha20/ecrypt-config.h
-
conti_v3/cryptor_dll/chacha20/ecrypt-machine.h
-
conti_v3/cryptor_dll/chacha20/ecrypt-portable.h
-
conti_v3/cryptor_dll/chacha20/ecrypt-sync.h
-
conti_v3/cryptor_dll/common.h
-
conti_v3/cryptor_dll/cryptor.cpp
-
conti_v3/cryptor_dll/cryptor.h
-
conti_v3/cryptor_dll/cryptor_dll.vcxproj.xml
-
conti_v3/cryptor_dll/cryptor_dll.vcxproj.filters
-
conti_v3/cryptor_dll/cryptor_dll.vcxproj.user
-
conti_v3/cryptor_dll/filesystem/disks.cpp
-
conti_v3/cryptor_dll/filesystem/filesystem.h
-
conti_v3/cryptor_dll/filesystem/search.cpp
-
conti_v3/cryptor_dll/global/global_parameters.cpp
-
conti_v3/cryptor_dll/global/global_parameters.h
-
conti_v3/cryptor_dll/logs/logs.cpp
-
conti_v3/cryptor_dll/logs/logs.h
-
conti_v3/cryptor_dll/main.cpp
-
conti_v3/cryptor_dll/memory.cpp
-
conti_v3/cryptor_dll/memory.h
-
conti_v3/cryptor_dll/mrph.h
-
conti_v3/cryptor_dll/network_scanner/network_scanner.cpp
-
conti_v3/cryptor_dll/network_scanner/network_scanner.h
-
conti_v3/cryptor_dll/obfuscation/MetaRandom2.h
-
conti_v3/cryptor_dll/obfuscation/MetaString.h
-
conti_v3/cryptor_dll/prockiller/prockiller.cpp
-
conti_v3/cryptor_dll/prockiller/prockiller.h
-
conti_v3/cryptor_dll/queue.h
-
conti_v3/cryptor_dll/threadpool/threadpool.cpp
-
conti_v3/cryptor_dll/threadpool/threadpool.h
-
conti_v3/decryptor/chacha20/CONTI.txt
-
conti_v3/decryptor/chacha20/R3ADM3.txt
-
conti_v3/decryptor/chacha20/chacha.c
-
conti_v3/decryptor/chacha20/chacha.h
-
conti_v3/decryptor/chacha20/ecrypt-config.h
-
conti_v3/decryptor/chacha20/ecrypt-machine.h
-
conti_v3/decryptor/chacha20/ecrypt-portable.h
-
conti_v3/decryptor/chacha20/ecrypt-sync.h
-
conti_v3/decryptor/common.h
-
conti_v3/decryptor/decryptor.cpp
-
conti_v3/decryptor/decryptor.h
-
conti_v3/decryptor/decryptor.vcxproj.xml
-
conti_v3/decryptor/decryptor.vcxproj.filters
-
conti_v3/decryptor/decryptor.vcxproj.user
-
conti_v3/decryptor/filesystem/disks.cpp
-
conti_v3/decryptor/filesystem/filesystem.h
-
conti_v3/decryptor/filesystem/search.cpp
-
conti_v3/decryptor/global/global_parameters.cpp
-
conti_v3/decryptor/global/global_parameters.h
-
conti_v3/decryptor/main.cpp
-
conti_v3/decryptor/memory.cpp
-
conti_v3/decryptor/memory.h
-
conti_v3/decryptor/network_scanner/network_scanner.cpp
-
conti_v3/decryptor/network_scanner/network_scanner.h
-
conti_v3/decryptor/obfuscation/MetaRandom2.h
-
conti_v3/decryptor/obfuscation/MetaString.h
-
conti_v3/decryptor/queue.h
-
conti_v3/decryptor/threadpool/threadpool.cpp
-
conti_v3/decryptor/threadpool/threadpool.h
-
conti_v3/x64/Debug/cryptor.exe.exe windows x64
7188fbccafb52d4ab5cc5a42ca52da40
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
CloseHandle
GetLocalTime
VirtualAlloc
WriteConsoleW
CreateFileW
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleCP
GetCurrentThreadId
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
FreeLibrary
GetProcAddress
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
GetModuleFileNameW
LoadLibraryExW
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetCurrentThread
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetConsoleCtrlHandler
OutputDebugStringW
SetStdHandle
GetStringTypeW
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
RtlUnwind
user32
wsprintfW
ws2_32
htons
WSAGetLastError
Sections
.textbss Size: - Virtual size: 477KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 144KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 50KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.msvcjmc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 283B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
conti_v3/x64/Debug/cryptor_dll.dll.dll windows x64
c217d471ae39cf0ceecaa4a998068b58
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
CloseHandle
GetLocalTime
CreateThread
FreeLibraryAndExitThread
lstrcpyW
lstrlenW
VirtualAlloc
WriteConsoleW
CreateFileW
OutputDebugStringW
ReadConsoleW
ReadFile
GetConsoleMode
GetCurrentThreadId
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
FreeLibrary
GetProcAddress
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
GetModuleFileNameW
LoadLibraryExW
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
ExitProcess
GetModuleHandleExW
GetCurrentThread
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetConsoleCtrlHandler
GetFileSizeEx
SetFilePointerEx
GetStringTypeW
SetStdHandle
HeapSize
HeapReAlloc
FlushFileBuffers
WriteFile
GetConsoleCP
RtlUnwind
user32
wsprintfW
ws2_32
htons
WSAGetLastError
Sections
.textbss Size: - Virtual size: 477KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 144KB - Virtual size: 143KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 50KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.msvcjmc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 283B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
conti_v3/x64/Release/decryptor.exe.exe windows x64
1e3d09e95ffa5ebc9f2045c79e9d3663
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
CreateFileW
GetLastError
CloseHandle
SetFilePointerEx
MoveFileW
GetLogicalDriveStringsW
FindFirstFileW
FindNextFileW
FindClose
Sleep
lstrcmpW
GetNativeSystemInfo
HeapFree
HeapAlloc
GetProcessHeap
CancelIo
CreateTimerQueueTimer
EnterCriticalSection
SetEndOfFile
LeaveCriticalSection
InitializeCriticalSection
GetQueuedCompletionStatus
WaitForSingleObject
ExitThread
PostQueuedCompletionStatus
lstrcatW
GlobalAlloc
GlobalFree
CreateThread
DeleteCriticalSection
lstrcpyW
CreateIoCompletionPort
CreateTimerQueue
VirtualAlloc
WaitForMultipleObjects
WriteConsoleW
lstrcpynW
WriteFile
lstrlenW
GetFileSizeEx
GetConsoleMode
GetConsoleCP
DeleteTimerQueue
ReadFile
FlushFileBuffers
HeapReAlloc
HeapSize
LCMapStringW
CompareStringW
GetStringTypeW
GetFileType
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
advapi32
CryptImportKey
CryptAcquireContextA
CryptDecrypt
shlwapi
StrStrIA
StrStrIW
iphlpapi
GetIpNetTable
netapi32
NetShareEnum
NetApiBufferFree
ws2_32
WSAStartup
socket
WSAAddressToStringW
inet_ntoa
shutdown
WSACleanup
htons
setsockopt
WSAGetLastError
gethostbyname
closesocket
WSAIoctl
WSASocketW
bind
gethostname
getsockopt
Sections
.text Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ