Behavioral task
behavioral1
Sample
38481510x0000000000400000.exe
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
38481510x0000000000400000.exe
Resource
win10v2004-20230703-en
General
-
Target
38481510x0000000000400000.dmp
-
Size
1.2MB
-
MD5
b5eb0c810625b38d8ed037b1af543a0c
-
SHA1
ab31699fd3ca400e9ceece15c5ad4d81569466e0
-
SHA256
1ae146ca5d407e92e8da96c1a7eedd34d2e28d95379c9ef0ad99553fe379fcc7
-
SHA512
34d1a4ccbc9ea672e6e237d7ef14ba5e517612d559a3c6706c06076e0823dea73e4114b87b59373e51c3407a1d25ff84f969867ead9445f443e2fb700d112975
-
SSDEEP
24576:ZBUIKn/vwOXGUXAjCymYZiVtElVIBT2roqnTSSxWeT/dRPOO8aWQHUq7:F0dwAYZt6C31WeTVRPOha7Uq7
Malware Config
Signatures
-
Detected Djvu ransomware 1 IoCs
resource yara_rule sample family_djvu -
Djvu family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 38481510x0000000000400000.dmp
Files
-
38481510x0000000000400000.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 809KB - Virtual size: 809KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 247KB - Virtual size: 246KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ