chaos | 17557537bcb33f2a0ad3ff0caf7b084e63468144b2e6cb8180f6598adfdc5c9a[.]zip

General

Target

17557537bcb33f2a0ad3ff0caf7b084e63468144b2e6cb8180f6598adfdc5c9a.zip
Size

127KB
MD5

939eac5e0577ae2ae9c1906203f5fcb8
SHA1

1deac292abef38ef03ea8c71b1cc08add75ae1b6
SHA256

6d2d836dd77d6ab6c0e2bb263a1becfbcae1ec265b9485a80c54ac2d93c93dde
SHA512

8fa17a4e620e4a3ad621bfd2d71b0a478ebc6a9f8ebf71d0a8bbbeed125abb156ceae5067eca38ad64f40fc6b224fe61c654bcb4904349fa510b4b805777f526
SSDEEP

3072:ZgW/IF6fkvehd+/Koms9rBokWOUqmmy29pAz:ZgXF/vH/nV91oxvmy1z

Score

10^/10

chaos

Chaos Ransomware 1 IoCs

resource	yara_rule
static1/unpack001/17557537bcb33f2a0ad3ff0caf7b084e63468144b2e6cb8180f6598adfdc5c9a.exe	family_chaos

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/17557537bcb33f2a0ad3ff0caf7b084e63468144b2e6cb8180f6598adfdc5c9a.exe

17557537bcb33f2a0ad3ff0caf7b084e63468144b2e6cb8180f6598adfdc5c9a.zip
.zip

Password: infected
17557537bcb33f2a0ad3ff0caf7b084e63468144b2e6cb8180f6598adfdc5c9a.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ