Ransomware[.]CoronaVirus[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Ransomware.CoronaVirus.zip
Size

544KB
MD5

e05146cadbac7e5174c37b624de0a446
SHA1

759662aa81e34e0e9a36bedd2137d96f11e18947
SHA256

d7f8f5e34e13cd7395ac8aa7d3fe83016867e81c8915a059cb3d8568e809a2eb
SHA512

89f74ddc835946450e1ab47f2f204e8a7b60aae5aed20998fba23235f9e791d5e68b9c2b035438235890964bba792c8cd96208f5dca1a0016fa099416536e2da
SSDEEP

12288:hvSp072dbrzvTDIWQuijD7/ebN22SH5uw3M5ehx77bON:hap07obvTDIWGjD7AFA5umMw77bON

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/Ransomware.CoronaVirus.exe

Files

Ransomware.CoronaVirus.zip
.zip

Password: infected
Ransomware.CoronaVirus.exe
.exe windows:5 windows x86 arch:x86

d761cb0531b62176dc524988b5963190

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
CloseHandle
CreateFileW
HeapReAlloc
HeapSize
GlobalAlloc
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetProcessHeap
SetStdHandle
SetEnvironmentVariableA
GetThreadPriority
SetFilePointerEx
LoadLibraryA
SetEvent
ResetEvent
CreateEventA
GetEnvironmentStrings
GetConsoleWindow
SetEndOfFile
GetPriorityClass
FreeLibrary
EnumDateFormatsA
GetCurrentThread
GetLastError
GlobalAddAtomA
WaitForSingleObject
SetThreadPriority
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
GetCurrentProcess
FindNextFileA
FindFirstFileExA
FindClose
DecodePointer
GetStringTypeW
LCMapStringW
CompareStringW
CreateThread
WaitForSingleObjectEx
OutputDebugStringW
HeapAlloc
HeapFree
GetACP
WideCharToMultiByte
MultiByteToWideChar
ExitProcess
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameW
GetModuleFileNameA
GetFileType
GetStdHandle
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwind
RaiseException
EncodePointer
GlobalFree
GlobalLock
GlobalUnlock
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
BuildCommDCBA
SetCommTimeouts
SetCommState
GetCommTimeouts
GetCommState
WriteFile
ReadFile
FlushFileBuffers
CreateFileA
GetModuleHandleA
CreateEventW
SetPriorityClass

user32

SetClipboardData
GetClipboardData
EmptyClipboard
IsDlgButtonChecked
DefWindowProcA
TranslateMessage
RegisterWindowMessageW
ReleaseDC
EndPaint
CloseClipboard
OpenClipboard
DestroyWindow
ShowWindow
SetClassLongA
WindowFromDC
GetDesktopWindow
GetDlgItem
SendMessageA
LoadIconA
CheckMenuItem
GetCursorPos
BeginPaint
GetMessageW
CreateDialogParamW
GetDC
EndDialog
DialogBoxParamA
wsprintfA
OffsetRect
DispatchMessageW
TrackMouseEvent
SetWindowTextA
MessageBoxA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
SetWindowPos
IsIconic
GetWindowRect
AdjustWindowRectEx
ShowCursor
ClientToScreen
CopyRect
GetWindowLongA
SetWindowLongA
GetMonitorInfoA
EnumDisplayMonitors
GetSystemMetrics
LoadCursorA
ScreenToClient
SetRect
GetMessageA
DispatchMessageA
PeekMessageA
GetMessagePos
PostQuitMessage
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
UpdateWindow
SetActiveWindow
GetUpdateRect
InvalidateRect
ChildWindowFromPoint
MonitorFromWindow
ChangeDisplaySettingsExA
EnumDisplaySettingsA
SetCursorPos
SetCursor
GetClientRect

gdi32

ChoosePixelFormat
BitBlt
SelectObject
CreateDIBSection
GetTextExtentPoint32A
CreateCompatibleDC
GetNearestPaletteIndex
DeleteDC
SetViewportOrgEx
DeleteObject
CreateDCA
GetDeviceCaps
SetPixelFormat
DescribePixelFormat
SwapBuffers
GetPixelFormat

comdlg32

GetOpenFileNameA
FindTextW

advapi32

RegQueryValueExA
OpenSCManagerA
ControlService
RegOpenKeyA
OpenServiceA
RegCloseKey
RegOpenKeyExA

shell32

ord63
DragQueryFileA
ord62
DragFinish

ole32

CreateStreamOnHGlobal

oleaut32

CreateTypeLib2
CreateTypeLi

odbc32

ord157
ord156
ord155

opengl32

wglGetCurrentDC
glScissor
glDisableClientState
glMatrixMode
glBlendFunc
glLoadIdentity
glTexParameteri
glDeleteTextures
glPopMatrix
glViewport
glEnableClientState
glPopAttrib
glPolygonMode
glBindTexture
glGenTextures
glVertexPointer
glNormalPointer
glGetFloatv
glDrawArrays
glVertex2f
glTranslatef
glPushClientAttrib
glPopClientAttrib
glBitmap
glVertex2i
glRasterPos2i
glEnd
glColor4fv
glColor4f
glBegin
glGetString
glGetError
glGetBooleanv
glReadBuffer
glDrawBuffer
glFlush
wglMakeCurrent
wglGetProcAddress
wglGetCurrentContext
wglDeleteContext
wglCreateContext
glClearColor
glTexCoordPointer
glClear
glGetIntegerv
glPushAttrib
glOrtho
glPixelStorei
glPushMatrix
glDisable
glDrawElements
glTexEnvi
glColorPointer
glTexImage2D
glGetTexEnviv
glEnable

winmm

joyGetDevCapsA
timeBeginPeriod
timeEndPeriod
timeGetTime
joyGetPosEx

gdiplus

GdipCreateBitmapFromStream
GdipSaveImageToStream
GdipFree
GdipDisposeImage
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipCloneImage

ws2_32

closesocket

avifil32

AVIMakeCompressedStream

rpcrt4

UuidCreate
UuidToStringW

dbghelp

EnumerateLoadedModules

comsvcs

CoCreateActivity

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

Sections

.text
Size: 563KB - Virtual size: 563KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

d761cb0531b62176dc524988b5963190

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

odbc32

opengl32

winmm

gdiplus

ws2_32

avifil32

rpcrt4

dbghelp

comsvcs

imm32

Sections

.text Size: 563KB - Virtual size: 563KB

.rdata Size: 213KB - Virtual size: 212KB

.data Size: 37KB - Virtual size: 444KB

.gfids Size: 512B - Virtual size: 280B

_RDATA Size: 2KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 9B

.text Size: 2KB - Virtual size: 1KB

.rsrc Size: 218KB - Virtual size: 218KB

.text
Size: 563KB - Virtual size: 563KB

.rdata
Size: 213KB - Virtual size: 212KB

.data
Size: 37KB - Virtual size: 444KB

.gfids
Size: 512B - Virtual size: 280B

_RDATA
Size: 2KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 9B

.text
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 218KB - Virtual size: 218KB