Trojan-Ransom[.]Win32[.]CryptXXX[.]xmt-9f44d57b6ce58d6900d5d6f8b14dca3178bb3960fc267f0fd557ae1fad98a01f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Trojan-Ransom.Win32.CryptXXX.xmt-9f44d57b6ce58d6900d5d6f8b14dca3178bb3960fc267f0fd557ae1fad98a01f
Size

56KB
MD5

ed3b9b09fb619f9c025ff6ae736255b7
SHA1

c299d7d599bffaeab045b2ac492c201fa5342fce
SHA256

9f44d57b6ce58d6900d5d6f8b14dca3178bb3960fc267f0fd557ae1fad98a01f
SHA512

6d65224439a4409b8ac23ab564b14ccd696bffd240350a30f50349047e8277d1978477f95e07e978b3831fdf388aa6e9309563d4e22cbaa3ebab71f902044f3a
SSDEEP

768:YP0GxrTR28s7qzvWN4SVvsuLMbz5JdEqpwEGmDnDO5CKUJDD:a0QrTkRqSN4hlzHKqpw1554

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Trojan-Ransom.Win32.CryptXXX.xmt-9f44d57b6ce58d6900d5d6f8b14dca3178bb3960fc267f0fd557ae1fad98a01f

Files

Trojan-Ransom.Win32.CryptXXX.xmt-9f44d57b6ce58d6900d5d6f8b14dca3178bb3960fc267f0fd557ae1fad98a01f
.exe windows x86

6e4f08035f63f5dfe301cdc9e7f48fbf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

DragAcceptFiles
SHGetDesktopFolder
SHGetDiskFreeSpaceA
SHFileOperationA
ExtractIconA
SHFree
SHCreateShellItem
ShellMessageBoxW
DragQueryFileA
SHGetMalloc
DllRegisterServer
ShellAboutA
FindExecutableA
DragQueryPoint

eappcfg

EapHostPeerFreeMemory
EapHostPeerConfigXml2Blob

comsvcs

CoCreateActivity
SafeRef
CoEnterServiceDomain
CoLoadServices

user32

CreateWindowExW
CharToOemW
LoadCursorA
InsertMenuA
LoadBitmapA
DrawEdge
DdeQueryStringA
LoadStringW
DrawTextExA
wsprintfA
GetIconInfo
SetCursorPos
IsDialogMessageA
DdeInitializeA
SetWindowTextA

kernel32

DeviceIoControl
InterlockedExchange
SetEnvironmentVariableA
CreateEventA
GetTickCount
GetSystemTime
MapViewOfFile
SleepEx
GetTimeFormatA
CreateFileA
GetLocaleInfoW
CopyFileW
QueryDosDeviceA
lstrcpyA
GetStartupInfoW
lstrcmpA
GetCommandLineA
GetModuleHandleA
FindFirstFileA
HeapFree
OpenEventW
GetProcAddress
CreateDirectoryW
GetLastError
GetProcessVersion
OpenMutexW

uxtheme

GetThemeTextExtent
GetThemeRect
GetThemeFont
GetWindowTheme
GetThemeTextMetrics
GetThemeSysSize
IsThemeActive
SetWindowTheme
GetThemeBool
CloseThemeData

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ