chaos | fab1bd762efe77accc52cf6f4ff4f6ef5178d7a6b8868f452f880c078c95fe6b[.]zip

General

Target

fab1bd762efe77accc52cf6f4ff4f6ef5178d7a6b8868f452f880c078c95fe6b.zip
Size

79KB
MD5

8dd7f5d83d96d22ad28d3d82d3150e9b
SHA1

a44832f3ee5697311b255eb06761c3110c9e769e
SHA256

3b37d1c6e38cceba65464761d5b15d4ba2fb3204a79e2469d50d45446965196d
SHA512

1fd30f9a53da6d301f5b8e8c362516d45a2497e61b92ac10361729ee795dc9e6a9e232559ff8627a1aac5ec55a7b91a4626cf423a1e9538c39103ca728d5860f
SSDEEP

1536:WFNmbqRk5KsTzM0/qUkUa+yiuArS3/pjXbhR3IE8sa1GHsBoy1mU3:WF3QCUH1u8S3BdSEo8Ha1mK

Score

10^/10

chaos

Chaos Ransomware 1 IoCs

resource	yara_rule
static1/unpack001/fab1bd762efe77accc52cf6f4ff4f6ef5178d7a6b8868f452f880c078c95fe6b	family_chaos

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fab1bd762efe77accc52cf6f4ff4f6ef5178d7a6b8868f452f880c078c95fe6b

fab1bd762efe77accc52cf6f4ff4f6ef5178d7a6b8868f452f880c078c95fe6b.zip
.zip

Password: infected
fab1bd762efe77accc52cf6f4ff4f6ef5178d7a6b8868f452f880c078c95fe6b
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ