gandcrab | 73049e407195d2_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

73049e407195d2_JC.exe
Size

117KB
MD5

73049e407195d2b954f329db496b1ac9
SHA1

48d065fe6db8972d04379b2b404485534114c998
SHA256

ff1d366e070478445c0b8b840a82838f41f98722268b3842e53130696d509599
SHA512

618155b45a102ad17f9c34a00e1703cf9cb6661d54d4c41c5a2e60e7b7147d0e110aaab6d3d5ab03ed1dbd88e35d4836611f44f97f3bb77e6e8ef3e5f0cadd96
SSDEEP

3072:Md5BJOoMqqDL2/OvvdHv3uqz3++OAYWgO:MdJODqqDL6gvdHveqi+GWgO

Score

10^/10

gandcrab

Malware Config

Signatures

GandCrab payload 1 IoCs

resource	yara_rule
sample	family_gandcrab

Gandcrab family
gandcrab

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
73049e407195d2_JC.exe

Files

73049e407195d2_JC.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

_ReflectiveLoader@0

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 33KB

.data Size: 28KB - Virtual size: 28KB

.data Size: 3KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 4B

.pdata Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 2KB

.idata Size: 1024B - Virtual size: 4KB

.rdata Size: 5KB - Virtual size: 8KB

.idata Size: 512B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: 6KB - Virtual size: 8KB

.idata Size: 512B - Virtual size: 4KB

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 28KB - Virtual size: 28KB

.data
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 4B

.pdata
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 2KB

.idata
Size: 1024B - Virtual size: 4KB

.rdata
Size: 5KB - Virtual size: 8KB

.idata
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: 6KB - Virtual size: 8KB

.idata
Size: 512B - Virtual size: 4KB