makop | 7D630EF735EA9607D50B8BA425DB224FC686B7682A492BAEEBBCD66E92582C4F[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

7D630EF735EA9607D50B8BA425DB224FC686B7682A492BAEEBBCD66E92582C4F.zip
Size

28KB
MD5

f5453e62c02e1d91e90e05d2d003b52d
SHA1

ae45c74c79445fd1b6b75edf9fc38f1fa82d9b43
SHA256

ad04ee3c63977af8fac251f022cccc13f292def20e565aec8324cc43a96861b4
SHA512

65685e784935d8a9f044fe3d2074d038d1d6d04a0c119e81ab183a42d1c24b7e56ca13a00ff68d03114b998fa75690f5a6fd53a4f65d1a48f1befe2f36f2d5fd
SSDEEP

768:SuZhg1ecuq1coNVJ0VELodriaVtKkQoHQ+j21Vu:SuZEecu+dwvdxml+y1Vu

Score

10^/10

makop

Malware Config

Signatures

MAKOP ransomware payload 1 IoCs

resource	yara_rule
static1/unpack001/7D630EF735EA9607D50B8BA425DB224FC686B7682A492BAEEBBCD66E92582C4F	family_makop

Makop family
makop

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7D630EF735EA9607D50B8BA425DB224FC686B7682A492BAEEBBCD66E92582C4F

Files

7D630EF735EA9607D50B8BA425DB224FC686B7682A492BAEEBBCD66E92582C4F.zip
.zip

Password: infected
7D630EF735EA9607D50B8BA425DB224FC686B7682A492BAEEBBCD66E92582C4F
.exe windows x86

Password: infected.

364f4eb85abb3fe033aa9cfae7ac6b24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW

kernel32

ReadFile
CreateFileW
GetFileSizeEx
MoveFileW
SetFileAttributesW
HeapAlloc
GetCurrentProcess
HeapFree
GetProcessHeap
GetVersion
GetProcAddress
LoadLibraryA
GetCurrentProcessId
OpenProcess
SetFilePointerEx
GetModuleHandleA
DuplicateHandle
ExitProcess
GetEnvironmentVariableW
CreateProcessW
CreatePipe
LocalFree
GetCommandLineW
Process32NextW
CreateMutexA
CreateToolhelp32Snapshot
GetLocaleInfoW
GetModuleFileNameW
Process32FirstW
GetSystemWindowsDirectoryW
SetHandleInformation
GetTempPathW
GetTempFileNameW
CreateDirectoryW
WriteFile
Sleep
FindClose
GetLastError
GetFileAttributesW
GetLogicalDrives
WaitForSingleObject
CreateThread
GetVolumeInformationW
SetErrorMode
FindNextFileW
GetDriveTypeW
WaitForMultipleObjects
FindFirstFileW
TerminateProcess
DeleteCriticalSection
GetExitCodeProcess
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
CloseHandle
GetFileType
PeekNamedPipe

user32

wsprintfA
GetShellWindow
wsprintfW
GetWindowThreadProcessId
ReleaseDC
SystemParametersInfoW
DrawTextA
GetDC

gdi32

CreateFontW
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
SetBkMode
DeleteDC
SetTextColor
GetObjectW
GetDeviceCaps
GetDIBits

advapi32

CryptGenRandom
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
DuplicateTokenEx
OpenProcessToken
SetTokenInformation
GetTokenInformation
CryptDecrypt
CryptDestroyKey
CryptAcquireContextW
CryptSetKeyParam
CryptReleaseContext
CryptImportKey
CryptEncrypt

shell32

ord680
CommandLineToArgvW
SHGetSpecialFolderPathW

msimg32

GradientFill

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected.

364f4eb85abb3fe033aa9cfae7ac6b24

Headers

DLL Characteristics

File Characteristics

Imports

mpr

kernel32

user32

gdi32

advapi32

shell32

msimg32

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: - Virtual size: 72KB

.ndata Size: 11KB - Virtual size: 10KB

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: - Virtual size: 72KB

.ndata
Size: 11KB - Virtual size: 10KB