gandcrab | 9c1ac77f687ad2bfe197e4a8f2b969d7caf4f8ddb707177b9461d7e74879ae33[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9c1ac77f687ad2bfe197e4a8f2b969d7caf4f8ddb707177b9461d7e74879ae33.exe
Size

126KB
MD5

cd5866f5118ae8712ad9cc66fba3df4f
SHA1

6cf658ea474ee24a76ddac575842641f9eac17b4
SHA256

9c1ac77f687ad2bfe197e4a8f2b969d7caf4f8ddb707177b9461d7e74879ae33
SHA512

b6ff437b75baac2080d367ab1c4a43c8289ab4df464b16b207ee4526ea0b4fbd5231a4575fccb6c6855a89a1f5a9c1e6b41c565a5be2b42fdbd5a74be5f856f4
SSDEEP

1536:LZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAEMqqU+2bbbAV2/S2LNmHks:LBounVyFHFMqqDL2/LgHkc2oYvQd2a

Score

10^/10

upx gandcrab

Malware Config

Signatures

GandCrab payload 1 IoCs

resource	yara_rule
sample	family_gandcrab

Gandcrab family
gandcrab

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

9c1ac77f687ad2bfe197e4a8f2b969d7caf4f8ddb707177b9461d7e74879ae33.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

_ReflectiveLoader@0

Sections

UPX0
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE