gandcrab | 41b827fbb03571703249a8ef8261475a_gandcrab_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

41b827fbb03571703249a8ef8261475a_gandcrab_JC.exe
Size

160KB
MD5

41b827fbb03571703249a8ef8261475a
SHA1

1fd39a784a0a6fd05c1e47ab131db51f9cded503
SHA256

5eea0cae12844cdea24cc0608e6c2c03e394b5853f4ee941a249017a234a7e59
SHA512

b4de5faf8e0e8d01307e476569458f38ddc659fd17b7ed67ca5293e16e622f00a203183c0492f668ef61573d030f4a93a505f90666d0b52a7b5e2c1a60660d6e
SSDEEP

3072:LYHVHd2NIMqqDL2/mr3IdE8we0Avu5r++ygLIaagvd3jRv9OtN:LyEqqDL64vdzREz

Score

10^/10

gandcrab

Malware Config

Signatures

GandCrab payload 1 IoCs

resource	yara_rule
sample	family_gandcrab

Gandcrab family
gandcrab

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41b827fbb03571703249a8ef8261475a_gandcrab_JC.exe

Files

41b827fbb03571703249a8ef8261475a_gandcrab_JC.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.xObf
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE