djvu | ef7fb8e5c9ad45e5a5fbc088f2d0b35d[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ef7fb8e5c9ad45e5a5fbc088f2d0b35d.bin
Size

545KB
MD5

7f29607810e040a22bd47dda6b3f9779
SHA1

9f0fc82079248f8f1e275489ccfc511df556200e
SHA256

a1e2eff52322543d9a9059b27ce285b721261403b5bd9206df28145a3aa9982f
SHA512

10d022db086ed55a732b096dd5496b94861b8ddbe7d26517d222f7f615613a37d9f41f2a4acb901a271e3047fec074b8bdbe6d91d22e8d57b7bb9b23eef92fef
SSDEEP

12288:oZp5dn/LaOJc+F8mM5o7XZDuuVruDHafJMuNVTaa:Q5d/xF8mvXZDOHKMO

Score

10^/10

djvu

Malware Config

Signatures

Detected Djvu ransomware 1 IoCs

resource	yara_rule
static1/unpack001/7f0c0a7c06251229a384eb10fb50e69b7ff5aa85ad138de70a5525882f95a695.exe	family_djvu

Djvu family
djvu

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7f0c0a7c06251229a384eb10fb50e69b7ff5aa85ad138de70a5525882f95a695.exe

Files

ef7fb8e5c9ad45e5a5fbc088f2d0b35d.bin
.zip

Password: infected
7f0c0a7c06251229a384eb10fb50e69b7ff5aa85ad138de70a5525882f95a695.exe
.exe windows:5 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 809KB - Virtual size: 809KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 247KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ