gandcrab | a5f87ee175a09fexeexeexeex[.]exe | Triage

Sharing

General

Target

a5f87ee175a09fexeexeexeex.exe
Size

108KB
MD5

a5f87ee175a09f219b6c10d20807eaed
SHA1

46f1dcf1f20cba28abacb4f38de8aeff69bc39dd
SHA256

ba63f4ee0b7fa7dfef6ddf75467f782c8ddeec37e669560790ec4f86508b4a44
SHA512

acda28aeb88c304abcd979a82d9dcd2ba31610306c477a79220f3757fd6878d3b88b707eaf8396e271e1a658a639ef44f71d09ef3877f553843f6a0c331ada7a
SSDEEP

1536:rppppppppppppZ6qFWH3J6/CncC8eMqqU+2bbbAV2/S2LNzHkcuLHEi:kbH3JieIeMqqDL2/LRHkc2

Score

10^/10

upx gandcrab

Malware Config

Signatures

GandCrab payload 1 IoCs

resource	yara_rule
sample	family_gandcrab

Gandcrab family
gandcrab

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a5f87ee175a09fexeexeexeex.exe

Files

a5f87ee175a09fexeexeexeex.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE