GandCrab[.]bin[.]zip

Resubmissions

02-06-2023 07:19

230602-h5gxlsag5w 10

02-06-2023 07:17

230602-h4j1ksag5t 10

Sharing

Copy URL

Twitter E-mail

General

Target

GandCrab.bin.zip
Size

82KB
MD5

45536c5f72fb2c872248b42cf2b2c634
SHA1

3aea1af9a60aff909ea0a22e0a07e88a84fca872
SHA256

d3de74ddc546c2433c769215bc295df8fc4ee31918e003657dc157aefa274243
SHA512

7eef9a957e0a7ba9986f10c0e7524684e26d783b273a089c5d921b4080d61481911da661249b561e3e6d840769d244a3ed1d19f7cbe9fe79d709ad4a8cfac76f
SSDEEP

1536:msmBJ14NYDMITNNHswMlsDFCqWfPphI4RmRiw/HeSOln7sfWtjONtwHWkHj3:mVPzwaNH+lshCZgAwAloWVEtUlD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/GandCrab.bin

Files

GandCrab.bin.zip
.zip

Password: infected
GandCrab.bin
.exe windows x86

Password: infected

33399cd8cda4c37a1612457fe61b7e75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
GetFileInformationByHandle
GetThreadTimes
GetProcessTimes
TerminateThread
GetProcessId
GetLongPathNameA
GetThreadSelectorEntry
GetProcessHandleCount
lstrlenA
GetMailslotInfo
GetModuleHandleA
GlobalAlloc
VirtualProtect
CloseHandle
GetTickCount
GetProcessWorkingSetSize
TerminateProcess
FlushFileBuffers
WriteConsoleW
RaiseException
RtlUnwind
GetCommandLineA
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
IsProcessorFeaturePresent
HeapAlloc
GetLastError
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetProcAddress
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryW
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapReAlloc
SetStdHandle
CreateFileW

user32

SetScrollRange
EnableScrollBar
PostMessageA

gdi32

FillPath
StretchBlt
SetRectRgn
BeginPath

advapi32

InitiateSystemShutdownA
OpenEventLogW

msimg32

GradientFill

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

33399cd8cda4c37a1612457fe61b7e75

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msimg32

Sections

.text Size: 54KB - Virtual size: 53KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 5KB - Virtual size: 20KB

.rsrc Size: 44KB - Virtual size: 43KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 54KB - Virtual size: 53KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 5KB - Virtual size: 20KB

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 6KB - Virtual size: 5KB