Locker Chydnoy(DarkRed)[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Locker Chydnoy(DarkRed).exe
Size

183KB
MD5

921b19e2d03fb885e15d3dc4b47243e0
SHA1

dd377f23dc5f3ae63c6df957e42d32bc4d33dcb0
SHA256

f88eb1638e48aeac9a494457f5ae6a7ffa235cb511fb9d9cdb9c8ab5d3f940a1
SHA512

b100b6b950bed3a1cdd27d975c31dc598f48013d782ad65b4c091be880c60476f4c67350fd30f1d3e250877d5384ca80e33dbd0c5fb4243ff2cecd46c6f309b3
SSDEEP

3072:Cery4qBSqC9PbG4ZeHl921pn9nMrnZOheHLwbX3NrRmmqbk6Bus5BX:3rTbG4ZeHl921wwherqJqbF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Locker Chydnoy(DarkRed).exe

Files

Locker Chydnoy(DarkRed).exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ