gandcrab | 2cf5bd986cf3cf6cae8b5e4d163fc923d34abad5f82a456234aa1ca3b3327a19[.]zip

General

Target

2cf5bd986cf3cf6cae8b5e4d163fc923d34abad5f82a456234aa1ca3b3327a19.zip
Size

98KB
MD5

075c78fae3be82b276c72135c1317b53
SHA1

95d3b2235d275b9589130cf7a916419e1cdf0042
SHA256

4063baa95439220ebce6f6c5e511220f5b91690f8cdf1872bae67e73f6f2853d
SHA512

d40da8028ba7cc05439600f1255aff66212638bc82e286dd1ecb233b441de08b652bc96da632c46ab3a8fa57b7b114bbfed0fd6fc77cbf197b423b369a992357
SSDEEP

1536:vT6/yJzO7lK9y4YNGiHEqLYKCFnr1IN9Yk9I6gtwpzPEBdCsel1jqOwxraZEu9+T:b6qJww9OEq0KC9rTy1zP8ChjqnrEEu94

Score

10^/10

gandcrab

GandCrab payload 1 IoCs

resource	yara_rule
static1/unpack001/2cf5bd986cf3cf6cae8b5e4d163fc923d34abad5f82a456234aa1ca3b3327a19.exe	family_gandcrab

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2cf5bd986cf3cf6cae8b5e4d163fc923d34abad5f82a456234aa1ca3b3327a19.exe

2cf5bd986cf3cf6cae8b5e4d163fc923d34abad5f82a456234aa1ca3b3327a19.zip
.zip

Password: infected
2cf5bd986cf3cf6cae8b5e4d163fc923d34abad5f82a456234aa1ca3b3327a19.exe
.exe windows x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ