chaos | cf5705942d02b4585d0ee603e8773d888937e0f4221d38ea9404356a1d906392[.]zip

General

Target

cf5705942d02b4585d0ee603e8773d888937e0f4221d38ea9404356a1d906392.zip
Size

193KB
MD5

5ed7bdeb1fb3b361b61383ea22628d4c
SHA1

8d723dda82133720ccfd8645deff89ec7954bd56
SHA256

4e033694286336b94390fcb182f50d2e0a704bf6869d664a494fcfdc5200b59a
SHA512

cd30c4a330e024133485a46034f5fbed78fd2b0a8e6dace553d6a13db88828c96c7056c005cf4575ea6fbf4223950e9a33d06604d97b753454e43d8531999097
SSDEEP

3072:Y0u15vIuRyCTMhCoJh5Fda65sOyyIvWZdycw8xb3SU9hY3V/xvUSB6UzCh+Cp5Kg:tuX5RJMhCoJZ15sWIvWuPK7tSvihXGXQ

Score

10^/10

chaos

Chaos Ransomware 1 IoCs

resource	yara_rule
static1/unpack001/cf5705942d02b4585d0ee603e8773d888937e0f4221d38ea9404356a1d906392	family_chaos

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cf5705942d02b4585d0ee603e8773d888937e0f4221d38ea9404356a1d906392

cf5705942d02b4585d0ee603e8773d888937e0f4221d38ea9404356a1d906392.zip
.zip

Password: infected
cf5705942d02b4585d0ee603e8773d888937e0f4221d38ea9404356a1d906392
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 439KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ