Trojan-Ransom[.]Win32[.]Bart[.]i-45fcdd90b1268f6d5dd2a99a78c3df1a95b7809cbe13b68d9f164edd2264005e | Triage

Sharing

General

Target

Trojan-Ransom.Win32.Bart.i-45fcdd90b1268f6d5dd2a99a78c3df1a95b7809cbe13b68d9f164edd2264005e
Size

121KB
MD5

6de7324c37519831cf586e3b2c786e53
SHA1

abb423454abd2caa431634667903640037b6ee9b
SHA256

45fcdd90b1268f6d5dd2a99a78c3df1a95b7809cbe13b68d9f164edd2264005e
SHA512

6172a9b52749e89017c4ad2f685a4399e5d092e0517ef98dff6d071b61e5db7343ca5298d00c57b1fed2d5a7afc9b63d2be8cd89b83af0c09b3e6c950c227227
SSDEEP

3072:3s+7qZCqeKW9cafSypBCaJDftXdCD66X:377qZCqeKW9cotpBfVVoDX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Trojan-Ransom.Win32.Bart.i-45fcdd90b1268f6d5dd2a99a78c3df1a95b7809cbe13b68d9f164edd2264005e

Files

Trojan-Ransom.Win32.Bart.i-45fcdd90b1268f6d5dd2a99a78c3df1a95b7809cbe13b68d9f164edd2264005e
.exe windows x86

da7212e11f7a8d7ab5284841cd598d8e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

memset

kernel32

GetModuleHandleA
HeapCreate
VirtualProtect
HeapDestroy
ExitProcess
lstrlenA
GetProcAddress
HeapFree
HeapAlloc
QueryPerformanceFrequency
LoadLibraryA
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
FindClose
FindFirstFileA
GetLastError
FindNextFileA
HeapReAlloc
GetLogicalDriveStringsA

msvcrt

pow
fopen
malloc
free
fclose
exit
_iob
fprintf
sprintf
fwrite
fflush
ferror
memcpy
getenv
sscanf
strlen
strcpy
strncpy
strcat

user32

MessageBoxA
ShowCursor
InvalidateRect
ShowWindow
FillRect
BeginPaint
EndPaint
DefWindowProcA
LoadIconA
RegisterClassExA
CreateWindowExA
GetWindowThreadProcessId
IsWindowVisible
IsWindowEnabled
GetForegroundWindow
EnableWindow
EnumWindows

gdi32

GetStockObject
CreateSolidBrush
CreatePen
DeleteObject

comctl32

InitCommonControls

winmm

timeEndPeriod
mciSendCommandA

ole32

CoInitialize

Sections

.code
Size: 1024B - Virtual size: 1023B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 86KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE