Trojan-Ransom[.]Win32[.]Blocker[.]jqww-b51a5c6e70441a9765e170f055805f8f415648c8221b00cce8201e421b8b3d0a

Sharing

Copy URL Twitter E-mail

General

Target

Trojan-Ransom.Win32.Blocker.jqww-b51a5c6e70441a9765e170f055805f8f415648c8221b00cce8201e421b8b3d0a
Size

78KB
MD5

f7e8ecd1c4c33376c490196509503d5d
SHA1

52052c6c2291fb268e7cf36fa481f82712b880e3
SHA256

b51a5c6e70441a9765e170f055805f8f415648c8221b00cce8201e421b8b3d0a
SHA512

29d4dfc3a5961edd20e95977296e89b32a2176207b27473755bcae86291b29aa903473241f6cd86b070804a263c225b79536eb4b26bcf80e2854ef6a4fd2ae2b
SSDEEP

1536:U4+p9aHgLP3HHvLwMYrtNm6JUSKHfudz9z4os:4vcMYrr3K/Q5b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Trojan-Ransom.Win32.Blocker.jqww-b51a5c6e70441a9765e170f055805f8f415648c8221b00cce8201e421b8b3d0a

Files

Trojan-Ransom.Win32.Blocker.jqww-b51a5c6e70441a9765e170f055805f8f415648c8221b00cce8201e421b8b3d0a
.exe windows x86

9a37df80effce634a618f670223812c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoW
FlushFileBuffers
GetStringTypeA
TlsFree
GetConsoleCP
GetOverlappedResult
GetModuleHandleA
IsValidCodePage
HeapReAlloc
DeleteCriticalSection
FindResourceA
FreeLibrary
FindFirstFileA
CreateEventA
WaitForMultipleObjects
LocalAlloc
HeapFree
MapViewOfFile
HeapSize
GetModuleHandleW
GetTickCount
GetConsoleOutputCP
SetUnhandledExceptionFilter
SetEndOfFile
WaitForSingleObject
UnhandledExceptionFilter
GetComputerNameA
GetStartupInfoA
FindFirstFileW
MultiByteToWideChar
GetEnvironmentVariableA
LocalLock
LoadResource
HeapCreate
HeapDestroy
VirtualLock
FreeResource
DeleteAtom
LoadLibraryA
OpenEventA
lstrcpyA
LoadLibraryExW
WideCharToMultiByte
GetStringTypeW
LCMapStringW
LCMapStringA
GetLocaleInfoA
RtlUnwind
HeapAlloc
GetOEMCP
GetCPInfo
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
QueryPerformanceCounter
VirtualFree
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsSetValue
TlsGetValue
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetLastError
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
WriteFile
ExitProcess
Sleep
GetCommandLineA
TerminateProcess
FoldStringW
ResumeThread
GlobalAlloc
GetCurrentProcessId
GetStdHandle
ReadFile
GetFullPathNameA
SetEvent
SetConsoleCtrlHandler
VirtualAlloc
CreateFileMappingW
GetVersion
GetConsoleMode
FileTimeToSystemTime
DeleteFileA
FatalAppExitA
TlsAlloc
DecodePointer
GetACP
lstrcatW
GetProcAddress
DeviceIoControl
OutputDebugStringA

user32

LoadMenuW
SetDlgItemInt
PostMessageA
CharNextA
CheckRadioButton
CharUpperW
LoadCursorA
DeleteMenu
GetWindowLongW
SetDlgItemTextW
ChildWindowFromPoint
DrawTextW
SetWindowPlacement
IsChild
MsgWaitForMultipleObjects
IsDlgButtonChecked
GetMenuCheckMarkDimensions
SetWindowPos
IsWindow
CharLowerW
CheckMenuItem
EmptyClipboard
LoadCursorW
CallWindowProcW
ReleaseCapture
GetWindowPlacement
SendDlgItemMessageW
GetSysColor
GetDC
PeekMessageA
CheckDlgButton
EndDialog
MessageBoxW
TranslateAcceleratorW
GetForegroundWindow
CheckMenuRadioItem
SetWindowLongW
SetScrollPos
SetForegroundWindow
GetDlgItemTextW
SetWindowTextA
PeekMessageW
GetMenuItemCount
InflateRect
MoveWindow
GetWindowTextA
ShowWindow
IsClipboardFormatAvailable
GetFocus
GetSubMenu
DrawTextA

gdi32

SelectObject
CreateFontIndirectA
GetTextExtentPoint32A
GetDeviceCaps
StretchBlt
StartPage
GetObjectW
ExtTextOutA
SetWindowExtEx
DeleteObject
LPtoDP
EndDoc
EnumFontsW
CreateCompatibleBitmap
CreateFontIndirectW
GetObjectA
CreateCompatibleDC

winspool.drv

OpenPrinterW
GetPrinterDriverW

advapi32

RegOpenKeyA
RegSetValueExA
RegCreateKeyW
QueryServiceStatus
DeleteService
RegQueryValueExW

shell32

CommandLineToArgvW
ShellAboutW
DragFinish

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a37df80effce634a618f670223812c9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 4KB - Virtual size: 3KB