RansomTuga[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

RansomTuga.exe
Size

1.4MB
MD5

41ebbb3be84010c309a2886151ec075a
SHA1

60f943d1a8110e5988075694466093e66a8a0558
SHA256

48c868c2ed1d7cfdade91e4c9ef4649b73037e0c18a8338eb97a3968041427ce
SHA512

cb8b065ac6b2b24a215165b6502cf1ed53adffb176407929c11d804b411ddc5f9f61185a1150ffd0a3f7fcc0980b40855128cd650ba39e76618bd19ab5544696
SSDEEP

24576:mrRE4V2JohrE+YyUKnEA2MX1ymFh2baKLzo8zqXUyInFXJGiw:mrRj/hg+YrAnlyOhlkoBQsi

Score

1^/10

Malware Config

Signatures

Files

RansomTuga.exe
.exe windows x64

bcedbbbeb4d5616629ef3b98013d9a8f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

IsDebuggerPresent
CheckRemoteDebuggerPresent
CreateFileA
DeleteFileA
CloseHandle
GetFileSize
MultiByteToWideChar
SizeofResource
WriteFile
CreateFileW
GetLocaleInfoA
LockResource
GlobalAlloc
GlobalFree
GetSystemInfo
FindResourceExW
LoadResource
FindResourceW
SetFileAttributesA
GetModuleHandleW
VerSetConditionMask
GetComputerNameW
SystemTimeToFileTime
GlobalMemoryStatusEx
VerifyVersionInfoW
GetSystemTime
GlobalUnlock
CreateMutexA
Sleep
SetEndOfFile
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
SetStdHandle
GetProcessHeap
DeleteCriticalSection
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
HeapSetInformation
HeapReAlloc
GetLastError
InitializeCriticalSectionEx
HeapSize
LeaveCriticalSection
GetCurrentProcess
EnterCriticalSection
HeapFree
GlobalLock
VirtualProtect
CreatePipe
ReadConsoleW
ReadFile
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
GetExitCodeProcess
WaitForSingleObject
GetCommandLineW
GetCommandLineA
GetStdHandle
GetModuleFileNameW
DeleteFileW
RemoveDirectoryW
GetCurrentDirectoryW
SetEnvironmentVariableW
GetFullPathNameW
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
CreateProcessW
DuplicateHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlPcToFileHeader
InterlockedPushEntrySList
RtlUnwindEx
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcessId
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
CreateToolhelp32Snapshot
Thread32First
Thread32Next
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObjectEx
GetExitCodeThread
FormatMessageA
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WideCharToMultiByte
LocalFree
GetLocaleInfoEx
CreateDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
AreFileApisANSI
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
EncodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
GetStartupInfoW
OutputDebugStringW
RaiseException

user32

GetDesktopWindow
OpenClipboard
GetWindowRect
EnumDisplayDevicesW
GetClipboardData
CloseClipboard
GetDC

gdi32

BitBlt
CreateCompatibleBitmap
SelectObject
CreateDIBSection
SetDIBColorTable
CreateCompatibleDC
GetDIBits
GetObjectW
DeleteObject
DeleteDC

advapi32

GetUserNameW
GetCurrentHwProfileW

ole32

CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateInstance

oleaut32

VariantInit
SysFreeString
SysAllocString
SysStringLen
VariantClear

shlwapi

PathFindExtensionW
PathIsDirectoryEmptyA

gdiplus

GdipSaveImageToFile
GdiplusShutdown
GdipDrawImageI
GdipCreateBitmapFromScan0
GdipGetImageWidth
GdipGetImagePalette
GdipDeleteGraphics
GdipGetImageEncodersSize
GdipGetImageGraphicsContext
GdipBitmapLockBits
GdiplusStartup
GdipGetImageHeight
GdipGetImageEncoders
GdipGetImagePaletteSize
GdipCreateBitmapFromFile
GdipFree
GdipGetImagePixelFormat
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipBitmapUnlockBits
GdipCloneImage

urlmon

URLDownloadToFileA

Sections

.text
Size: 786KB - Virtual size: 786KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 450KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bcedbbbeb4d5616629ef3b98013d9a8f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

gdiplus

urlmon

Sections

.text Size: 786KB - Virtual size: 786KB

.rdata Size: 180KB - Virtual size: 180KB

.data Size: 16KB - Virtual size: 46KB

.pdata Size: 25KB - Virtual size: 24KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 450KB - Virtual size: 449KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 786KB - Virtual size: 786KB

.rdata
Size: 180KB - Virtual size: 180KB

.data
Size: 16KB - Virtual size: 46KB

.pdata
Size: 25KB - Virtual size: 24KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 450KB - Virtual size: 449KB

.reloc
Size: 6KB - Virtual size: 5KB