2024-01-25_b5ed88406d3ad540c017313e00db1525_gandcrab

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-25_b5ed88406d3ad540c017313e00db1525_gandcrab
Size

321KB
MD5

b5ed88406d3ad540c017313e00db1525
SHA1

2c63645ecc1eec0e93575b3560216456233d417a
SHA256

cf7bb252eed9499c7f2ffbeaefb68c1815a27a413c7a1307571779368d8c72f2
SHA512

5dbadd939e28cdef30c2830e40c022a9887f4cef9eb5dc4272d88054de358a9c85b9b106fab3e015e2f5c0d520eb6732d010695e7053850b0b6a852e89b33de6
SSDEEP

6144:ZYGr72IKAMl49DNXjaJf4A3aP0YIgimj1:lH2mc4NNGnKPVmg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-25_b5ed88406d3ad540c017313e00db1525_gandcrab

Files

2024-01-25_b5ed88406d3ad540c017313e00db1525_gandcrab
.exe windows:5 windows x86 arch:x86

fcb25543ea49a629a0087e4ea49dcf1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

PulseEvent
lstrlenA
GlobalAlloc
PrepareTape
LoadLibraryA
FindFirstVolumeMountPointW
GetThreadPriority
VirtualProtect
AddConsoleAliasA
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
GetCPInfo
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
HeapAlloc
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
SetStdHandle
GetModuleHandleA

user32

DrawCaption
MapVirtualKeyW
IsChild
DeleteMenu
CreateCursor
GetWindowTextLengthA
GetMenuInfo
GetWindow

Sections

.
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.
Size: 7KB - Virtual size: 7.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fcb25543ea49a629a0087e4ea49dcf1e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

. Size: 83KB - Virtual size: 83KB

. Size: 17KB - Virtual size: 16KB

. Size: 7KB - Virtual size: 7.4MB

. Size: 186KB - Virtual size: 185KB

. Size: 26KB - Virtual size: 25KB

.
Size: 83KB - Virtual size: 83KB

.
Size: 17KB - Virtual size: 16KB

.
Size: 7KB - Virtual size: 7.4MB

.
Size: 186KB - Virtual size: 185KB

.
Size: 26KB - Virtual size: 25KB