ransomware[.]7z

Sharing

Copy URL

Twitter E-mail

General

Target

ransomware.7z
Size

95KB
MD5

a6a7709759c2d9aae40ecd4814cfcf97
SHA1

1818680d7ce4fa6a7bba4b93ee0ec607f299ce46
SHA256

325f3501a201d30f6310911add8dde6533da65153582777a36b8abe63f09f1b5
SHA512

0c4e37df610072a5436c26a4702b07d6f7ab064956ef7b91678c32e761dd62c60cf75140282177b904e0a2f778f5b6178bacf4cfe8126101ee5dbf23b17bafb9
SSDEEP

1536:DrgKl23JScalakUCe8XCknN+ApLzWFcAQKQ1PXEoeQ4E83cb6T45NEbvrRutHUYp:DNiJS3akUCe8XOyXRAQKrfsek5mj9e0E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ransomware.exe

Files

ransomware.7z
.7z

Password: infected
ransomware.exe
.exe windows:4 windows x64 arch:x64

Password: infected

463007ddce77ec59cc3898b50662dc88

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libgcc_s_seh-1

_Unwind_Resume

kernel32

CreateHardLinkW
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLastError
GetStartupInfoA
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
GetVolumeInformationW
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RemoveDirectoryW
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetEndOfFile
SetFilePointer
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
lstrlenA

msvcrt

__C_specific_handler
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_close
_errno
_findclose
_fmode
_get_osfhandle
_initterm
_lseeki64
_onexit
_telli64
_wchdir
_wchmod
_wfindfirst64
_wfindnext64
_wfullpath
_wgetcwd
_time64
_wmkdir
_wopen
_wrename
_wstat64
_wutime64
abort
calloc
exit
fclose
fgetc
fopen
fprintf
fputc
free
fseek
ftell
fwrite
malloc
memcmp
memcpy
memmove
memset
rand
remove
rewind
signal
srand
strlen
strncmp
system
vfprintf
wcscat
wcscmp
wcscpy
wcslen

shell32

SHGetFolderPathA

libstdc++-6

_ZNKSt12__basic_fileIcE7is_openEv
_ZNKSt13runtime_error4whatEv
_ZNKSt19__codecvt_utf8_baseIwE10do_unshiftERiPcS2_RS2_
_ZNKSt19__codecvt_utf8_baseIwE11do_encodingEv
_ZNKSt19__codecvt_utf8_baseIwE13do_max_lengthEv
_ZNKSt19__codecvt_utf8_baseIwE16do_always_noconvEv
_ZNKSt19__codecvt_utf8_baseIwE5do_inERiPKcS3_RS3_PwS5_RS5_
_ZNKSt19__codecvt_utf8_baseIwE6do_outERiPKwS3_RS3_PcS5_RS5_
_ZNKSt19__codecvt_utf8_baseIwE9do_lengthERiPKcS3_y
_ZNKSt9type_infoeqERKS_
_ZNSaIcEC1ERKS_
_ZNSaIcEC1Ev
_ZNSaIcEC2ERKS_
_ZNSaIcED1Ev
_ZNSaIcED2Ev
_ZNSaIwEC1Ev
_ZNSaIwEC2ERKS_
_ZNSaIwED1Ev
_ZNSaIwED2Ev
_ZNSolsEPFRSoS_E
_ZNSolsEPSt15basic_streambufIcSt11char_traitsIcEE
_ZNSolsEj
_ZNSolsEy
_ZNSt11logic_errorC1EPKc
_ZNSt11logic_errorD1Ev
_ZNSt12__basic_fileIcE8sys_openEiSt13_Ios_Openmode
_ZNSt12__basic_fileIcED1Ev
_ZNSt12system_errorD2Ev
_ZNSt13basic_filebufIcSt11char_traitsIcEE27_M_allocate_internal_bufferEv
_ZNSt13basic_filebufIcSt11char_traitsIcEE4syncEv
_ZNSt13basic_filebufIcSt11char_traitsIcEE5closeEv
_ZNSt13basic_filebufIcSt11char_traitsIcEE5imbueERKSt6locale
_ZNSt13basic_filebufIcSt11char_traitsIcEE6setbufEPcx
_ZNSt13basic_filebufIcSt11char_traitsIcEE6xsgetnEPcx
_ZNSt13basic_filebufIcSt11char_traitsIcEE6xsputnEPKcx
_ZNSt13basic_filebufIcSt11char_traitsIcEE7seekoffExSt12_Ios_SeekdirSt13_Ios_Openmode
_ZNSt13basic_filebufIcSt11char_traitsIcEE7seekposESt4fposIiESt13_Ios_Openmode
_ZNSt13basic_filebufIcSt11char_traitsIcEE8overflowEi
_ZNSt13basic_filebufIcSt11char_traitsIcEE9pbackfailEi
_ZNSt13basic_filebufIcSt11char_traitsIcEE9showmanycEv
_ZNSt13basic_filebufIcSt11char_traitsIcEE9underflowEv
_ZNSt13basic_filebufIcSt11char_traitsIcEEC2Ev
_ZNSt13basic_filebufIcSt11char_traitsIcEED2Ev
_ZNSt13runtime_errorC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZNSt15basic_streambufIcSt11char_traitsIcEE5uflowEv
_ZNSt19__codecvt_utf8_baseIwED2Ev
_ZNSt3_V215system_categoryEv
_ZNSt3_V216generic_categoryEv
_ZNSt6localeC1Ev
_ZNSt6localeD1Ev
_ZNSt6thread15_M_start_threadESt10unique_ptrINS_6_StateESt14default_deleteIS1_EEPFvvE
_ZNSt6thread20hardware_concurrencyEv
_ZNSt6thread4joinEv
_ZNSt6thread6_StateD2Ev
_ZNSt7codecvtIwciEC2Ey
_ZNSt8ios_base4InitC1Ev
_ZNSt8ios_base4InitD1Ev
_ZNSt8ios_baseC2Ev
_ZNSt8ios_baseD2Ev
_ZNSt9basic_iosIcSt11char_traitsIcEE4initEPSt15basic_streambufIcS1_E
_ZSt11_Hash_bytesPKvyy
_ZSt17__throw_bad_allocv
_ZSt19__throw_logic_errorPKc
_ZSt20__throw_length_errorPKc
_ZSt24__throw_out_of_range_fmtPKcz
_ZSt4cerr
_ZSt4cout
_ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_
_ZSt9terminatev
_ZSt9use_facetISt7codecvtIwciEERKT_RKSt6locale
_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc
_ZStlsIcSt11char_traitsIcESaIcEERSt13basic_ostreamIT_T0_ES7_RKNSt7__cxx1112basic_stringIS4_S5_T1_EE
_ZTISt13basic_filebufIcSt11char_traitsIcEE
_ZTVN10__cxxabiv117__class_type_infoE
_ZTVN10__cxxabiv120__si_class_type_infoE
_ZTVN10__cxxabiv121__vmi_class_type_infoE
_ZTVNSt6thread6_StateE
_ZTVSo
_ZTVSt12system_error
_ZTVSt13basic_filebufIcSt11char_traitsIcEE
_ZTVSt15basic_streambufIcSt11char_traitsIcEE
_ZTVSt19__codecvt_utf8_baseIwE
_ZTVSt9basic_iosIcSt11char_traitsIcEE
_ZdlPv
_ZdlPvy
_Znwy
__cxa_allocate_exception
__cxa_begin_catch
__cxa_end_catch
__cxa_free_exception
__cxa_rethrow
__cxa_throw
__gxx_personality_seh0

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 512B - Virtual size: 329B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 1024B - Virtual size: 545B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 512B - Virtual size: 158B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

463007ddce77ec59cc3898b50662dc88

Headers

File Characteristics

Imports

libgcc_s_seh-1

kernel32

msvcrt

shell32

libstdc++-6

Sections

.text Size: 138KB - Virtual size: 137KB

.data Size: 512B - Virtual size: 224B

.rdata Size: 6KB - Virtual size: 6KB

.pdata Size: 9KB - Virtual size: 8KB

.xdata Size: 14KB - Virtual size: 13KB

.bss Size: - Virtual size: 2KB

.idata Size: 9KB - Virtual size: 9KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

/4 Size: 512B - Virtual size: 80B

/19 Size: 8KB - Virtual size: 7KB

/31 Size: 512B - Virtual size: 329B

/45 Size: 1024B - Virtual size: 545B

/57 Size: 512B - Virtual size: 72B

/70 Size: 512B - Virtual size: 158B

.text
Size: 138KB - Virtual size: 137KB

.data
Size: 512B - Virtual size: 224B

.rdata
Size: 6KB - Virtual size: 6KB

.pdata
Size: 9KB - Virtual size: 8KB

.xdata
Size: 14KB - Virtual size: 13KB

.bss
Size: - Virtual size: 2KB

.idata
Size: 9KB - Virtual size: 9KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

/4
Size: 512B - Virtual size: 80B

/19
Size: 8KB - Virtual size: 7KB

/31
Size: 512B - Virtual size: 329B

/45
Size: 1024B - Virtual size: 545B

/57
Size: 512B - Virtual size: 72B

/70
Size: 512B - Virtual size: 158B