djvu | 8815964ed6c37a423f6019b2b69e7967[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8815964ed6c37a423f6019b2b69e7967.bin
Size

546KB
MD5

e1cab697b342690d41ccd3f96fe9dd55
SHA1

56e4da2a0e84f8328f346dd7c0e58f419ee4cb65
SHA256

18577c3b10f504a3ab059b1cfa2f6ccf2b54f64e713d6f1abdaca6fd3ceac0ca
SHA512

4041268de82e10d612406d2743483e40394d3a552850efd8e3bcbfa739f1940629e9e6dea98c10c06f2a7ffa4a243c6ea06672a17570f6828d7d932d5c73bc4b
SSDEEP

12288:mVZx4XOEY/58PxtuDZ38d/9RqsR4MNmX1thN+UxoWLpps:Ax4Y/54oZ36OOvN42Uxw

Score

10^/10

djvu

Malware Config

Signatures

Detected Djvu ransomware 1 IoCs

resource	yara_rule
static1/unpack001/2d301697ff72986171c0b2ccc979ab8e93671d640de6abad57de7d4e146b70f4.exe	family_djvu

Djvu family
djvu

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2d301697ff72986171c0b2ccc979ab8e93671d640de6abad57de7d4e146b70f4.exe

Files

8815964ed6c37a423f6019b2b69e7967.bin
.zip

Password: infected
2d301697ff72986171c0b2ccc979ab8e93671d640de6abad57de7d4e146b70f4.exe
.exe windows:5 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 809KB - Virtual size: 809KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 247KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ