chaos | 37ca1cfa1f30b57408d3e855f98f9e5fd6900b23643bbc0c6163a875edf00b60_ransomware[.]exe

General

Target

37ca1cfa1f30b57408d3e855f98f9e5fd6900b23643bbc0c6163a875edf00b60_ransomware.exe
Size

381KB
MD5

d834a49aa904dc2ed52bcae916e156ae
SHA1

f93d8c1fceac04ea6c0dda0eb7611512cae51ba9
SHA256

e5811a9f17c42d1e9618879c68ec9fa2fbdf76a54530e8c5ee27044c5b44c50e
SHA512

e6d5d6f09ddaf2c05d08f39c8abddd74afc4499bc966f45a9e6356c66e1299d7a780bf8ef3b4903cece34a04a7fb7b32a1cfe2e10ec632107f3ee702860e85bb
SSDEEP

6144:uIoGnG/8PUn+u49CbH+Xeb+7iVI9ViGEMkgi2H+jTdIVslI04mmUDVY+dTcOFdph:uIo6DPLvsbeub+mV8iTTdXKgmEYrONCa

Score

10^/10

chaos

Chaos Ransomware 1 IoCs

resource	yara_rule
static1/unpack001/Device/HarddiskVolume4/Users/Admin/Desktop/37ca1cfa1f30b57408d3e855f98f9e5fd6900b23643bbc0c6163a875edf00b60_ransomware.exe	family_chaos

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume4/Users/Admin/Desktop/37ca1cfa1f30b57408d3e855f98f9e5fd6900b23643bbc0c6163a875edf00b60_ransomware.exe

37ca1cfa1f30b57408d3e855f98f9e5fd6900b23643bbc0c6163a875edf00b60_ransomware.exe
.zip

Password: YOIN=Tp689~u%u7n6|)x
Device/HarddiskVolume4/Users/Admin/Desktop/37ca1cfa1f30b57408d3e855f98f9e5fd6900b23643bbc0c6163a875edf00b60_ransomware.exe
.exe windows x86

Password: YOIN=Tp689~u%u7n6|)x

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 850KB - Virtual size: 850KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
manifest.json