SecuriteInfo[.]com[.]HEUR[.]Trojan-Ransom[.]Win32[.]Encoder[.]gen[.]9689[.]345[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.HEUR.Trojan-Ransom.Win32.Encoder.gen.9689.345.exe
Size

155KB
MD5

708a713dd89c2bf91728c6bcdb3639f0
SHA1

c414b739677503ed3cb1769c5e88762e1fd2ac80
SHA256

a42e197824c26a18a48488653d2a9ae0ba09f15daf44187c1e7cc47907cf477f
SHA512

1ad2e3c39af0084d9b1ddedcbd3d0419b7eba190a8f3b139a550b332406259ac9b3e85647f4143bf1828a0d8bb67cd66e8cc15d30097af290218ee9614eaac40
SSDEEP

3072:e5DM0uKcF8JOSTBfFKROTpx+GU1x+DnbWeZ:pVjSTBtKROTpx+GUD+Dnb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.HEUR.Trojan-Ransom.Win32.Encoder.gen.9689.345.exe

Files

SecuriteInfo.com.HEUR.Trojan-Ransom.Win32.Encoder.gen.9689.345.exe
.exe windows x86

1c0011ae5416a1054e6ecf68ba70f94f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCloseHandle

mfc100u

ord897
ord11159
ord2852
ord2951
ord2952
ord3491
ord11116
ord2339
ord12951
ord5276
ord12557
ord12948
ord13047
ord10725
ord6156
ord13388
ord7109
ord13382
ord2665
ord3992
ord14067
ord5143
ord3999
ord4416
ord4383
ord4379
ord4413
ord4434
ord4392
ord4421
ord4430
ord4400
ord4404
ord4408
ord4396
ord4425
ord4388
ord1519
ord1512
ord1514
ord1508
ord1501
ord11244
ord11246
ord12724
ord2853
ord8393
ord10045
ord6247
ord11210
ord8112
ord13380
ord10937
ord3402
ord11081
ord8277
ord14060
ord14059
ord14132
ord14149
ord14145
ord14147
ord14148
ord14146
ord2418
ord7385
ord9333
ord2884
ord2887
ord12610
ord5558
ord5468
ord1905
ord4356
ord2185
ord6086
ord2824
ord2939
ord1226
ord1934
ord6117
ord2844
ord3763
ord1266
ord8273
ord5828
ord381
ord2756
ord2980
ord2981
ord9525
ord10412
ord10058
ord8179
ord948
ord11163
ord8347
ord2417
ord12606
ord5556
ord11123
ord10081
ord6711
ord788
ord1212
ord3261
ord5802
ord2746
ord3746
ord917
ord8264
ord3627
ord11209
ord11240
ord7391
ord11228
ord5261
ord3416
ord6140
ord890
ord13568
ord13571
ord13569
ord13572
ord13567
ord13570
ord7179
ord11469
ord13267
ord10976
ord14162
ord1739
ord7126
ord11864
ord3625
ord3684
ord8530
ord13387
ord7108
ord13381
ord11477
ord11476
ord2164
ord4744
ord13854
ord7176
ord4086
ord11784
ord11845
ord9498
ord11236
ord7548
ord1292
ord5467
ord7624
ord1300
ord4642
ord4923
ord5115
ord8346
ord9328
ord908
ord13605
ord2091
ord322
ord2045
ord1945
ord323
ord1301
ord7393
ord4792
ord6922
ord6932
ord6931
ord4623
ord4794
ord4645
ord5118
ord4901
ord8483
ord2089

msvcr100

?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
memcpy
_vswprintf
swprintf_s
free
malloc
wcscpy_s
towupper
wcsncpy
__CxxFrameHandler3
sprintf
_vswprintf_c_l
exit

kernel32

InterlockedExchange
SetFileAttributesW
GetFileAttributesW
DeleteFileW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
MultiByteToWideChar
GetVolumeInformationW
GetCurrentDirectoryW
GetCurrentProcess
GetVersionExW
GetPrivateProfileIntW
SystemTimeToFileTime
GetLocalTime
LocalFree
LocalAlloc
GetTickCount
GetCurrentProcessId
Sleep
InterlockedCompareExchange
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent

user32

LoadIconW
DispatchMessageW
TranslateMessage
GetWindowLongW
LoadBitmapW
GetSystemMetrics
SendMessageW
EnableWindow
PeekMessageW

gdi32

Polyline
SetROP2
CreatePen
BitBlt
DeleteDC
CreateFontIndirectW
DeleteObject
SelectObject
GetObjectW
CreateCompatibleDC

advapi32

RegOpenKeyExW
RegEnumValueW
RegDeleteKeyW
RegEnumKeyExW
OpenProcessToken
GetTokenInformation
LookupAccountSidW
RegCloseKey

comctl32

InitCommonControlsEx

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c0011ae5416a1054e6ecf68ba70f94f

Headers

DLL Characteristics

File Characteristics

Imports

wininet

mfc100u

msvcr100

kernel32

user32

gdi32

advapi32

comctl32

Sections

.text Size: 31KB - Virtual size: 30KB

.rdata Size: 55KB - Virtual size: 54KB

.data Size: 2KB - Virtual size: 222KB

.rsrc Size: 47KB - Virtual size: 47KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 55KB - Virtual size: 54KB

.data
Size: 2KB - Virtual size: 222KB

.rsrc
Size: 47KB - Virtual size: 47KB

.reloc
Size: 18KB - Virtual size: 18KB