egregor | 38a41e8128ae3955d541c8a00a93de1cd10a01c58368c8254a35659f8627ba30

Sharing

Copy URL

Twitter E-mail

General

Target

38a41e8128ae3955d541c8a00a93de1cd10a01c58368c8254a35659f8627ba30
Size

451KB
MD5

0731679c5f99e8ee65d8b29a3cabfc6b
SHA1

0e1c4879af54333c6eeca90c97083f1ca0f4ee98
SHA256

38a41e8128ae3955d541c8a00a93de1cd10a01c58368c8254a35659f8627ba30
SHA512

806b67420f5b449a4470cb630bc09bee397d30d2f24ec055e37730f4368d441250295adca17e3ae1ebbe64fde6a49531d26231846edb75ab023ddec1d5ea0dd4
SSDEEP

6144:r8qW6UYXPqDKlLIG0O4AnpKdvgB7DkzOxpJfUuI+xAI:rqUPqDKlLIG0O4AnpsAXksfUuI+x7

Score

10^/10

egregor

Malware Config

Signatures

Detected Egregor ransomware 1 IoCs

resource	yara_rule
sample	family_egregor

Egregor family
egregor

Files

38a41e8128ae3955d541c8a00a93de1cd10a01c58368c8254a35659f8627ba30
.exe windows x86

f17333e18f3da462d0b21b1bfbac3c62

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
GetProcessHeap
GetVolumeInformationA
GetLastError
VirtualAlloc
VirtualFree
GetComputerNameA
HeapReAlloc
lstrlenW
MultiByteToWideChar
GetConsoleWindow
WriteConsoleW
CloseHandle
CreateFileW
ReadConsoleW
GlobalFree
HeapAlloc
ReadFile
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapSize
SetConsoleCtrlHandler
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetStringTypeW
GetFileType
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetCurrentThread
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WideCharToMultiByte
GetEnvironmentStringsW
DecodePointer

user32

wsprintfA
ShowWindow

advapi32

GetCurrentHwProfileA

winhttp

WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpCrackUrl
WinHttpReceiveResponse
WinHttpWriteData
WinHttpGetProxyForUrl
WinHttpSetOption

netapi32

NetServerEnum
DsEnumerateDomainTrustsA
NetApiBufferFree
NetGetJoinInformation

Sections

.text
Size: 382KB - Virtual size: 381KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 512B - Virtual size: 362B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f17333e18f3da462d0b21b1bfbac3c62

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

winhttp

netapi32

Sections

.text Size: 382KB - Virtual size: 381KB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 4KB - Virtual size: 9KB

.idata Size: 4KB - Virtual size: 4KB

.msvcjmc Size: 512B - Virtual size: 362B

.00cfg Size: 512B - Virtual size: 265B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 382KB - Virtual size: 381KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 4KB - Virtual size: 9KB

.idata
Size: 4KB - Virtual size: 4KB

.msvcjmc
Size: 512B - Virtual size: 362B

.00cfg
Size: 512B - Virtual size: 265B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 11KB