d:\ALL\Work\malware恶意软件分析\勒索软件\ransom_test\debug\encryptDoc.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 6dd5f873d9fc874df79072e7ecad929a4ff2e354aa777e2daf9130574b5a8028.exe
  Resource (sandbox VM image): win7-20231215-en
Behavioral task: behavioral2
  Sample: 6dd5f873d9fc874df79072e7ecad929a4ff2e354aa777e2daf9130574b5a8028.exe
  Resource (sandbox VM image): win10v2004-20231222-en
General
Target: 6dd5f873d9fc874df79072e7ecad929a4ff2e354aa777e2daf9130574b5a8028
Size: 480KB
MD5: a299a825a018ddcc0a018712f5b2cfc1
SHA1: f2b679056389cd14780beb489207c7a43fcb9b5b
SHA256: 6dd5f873d9fc874df79072e7ecad929a4ff2e354aa777e2daf9130574b5a8028
SHA512: 6579c56c2f7fbccec1f8d233d46e3f465c6ebb539d0d8ed58fd39c21bbdf621247444326110db6409c6efd6c003634fca12e47ca76497c669dc13932e5c54526
SSDEEP: 6144:JPeOMRSMvcRTjKT9yvTxC3ijOGfflLBhE8zmAfXbksXK1ws47:JPuRBERTjKuT0ijOcNLBa8zmRs6P
Malware Config
Signatures
Unsigned PE (1 IoC): the file carries no Authenticode signature; the check looks for an empty PE security data directory. This only establishes that no signature is embedded in the image (catalog-signed files look the same), and it is the expected state for a locally built test binary such as this one.
  resource: 6dd5f873d9fc874df79072e7ecad929a4ff2e354aa777e2daf9130574b5a8028
Files
6dd5f873d9fc874df79072e7ecad929a4ff2e354aa777e2daf9130574b5a8028.exe  windows:4 windows x86 arch:x86
  Import hash (imphash): f691b8bd2afcdd14935420648e2ad845
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (no base relocations: the image must load at its preferred base and cannot be rebased by ASLR)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\ALL\Work\malware恶意软件分析\勒索软件\ransom_test\debug\encryptDoc.pdb
(the two Chinese directory names read "malware analysis" and "ransomware"; the debug\ folder and the encryptDoc name mark this as a developer's own debug build of a document-encryption test program)
Imports
Reading of the list below: almost all of it is the static MSVC C runtime (locale, heap, TLS, console and exception-handling helpers). The imports that match the sample's apparent purpose are the directory walk (FindFirstFileA, FindNextFileA, FindClose, PathFileExistsA), attribute handling (GetFileAttributesA, SetFileAttributesA), in-place file rewriting (CreateFileA, ReadFile, SetFilePointer, WriteFile, SetEndOfFile, FlushFileBuffers) and renaming (MoveFileA). IsDebuggerPresent, DebugBreak, HeapValidate, IsBadReadPtr and OutputDebugStringA/W come from the debug CRT rather than deliberate anti-analysis. No advapi32, bcrypt or crypt32 functions are imported, so any encryption is either compiled into the binary or resolved at run time through the LoadLibraryA/GetProcAddress pair that is present (an inference from the import table, not something the report states).
kernel32
GetLastError
SetFileAttributesA
GetFileAttributesA
FindClose
FindNextFileA
MoveFileA
FindFirstFileA
CompareStringW
CompareStringA
HeapValidate
IsBadReadPtr
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
DebugBreak
WideCharToMultiByte
IsDebuggerPresent
MultiByteToWideChar
lstrlenA
GetProcAddress
LoadLibraryA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ReadFile
CloseHandle
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
RtlUnwind
WriteFile
GetConsoleCP
GetConsoleMode
GetModuleFileNameA
HeapReAlloc
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
ExitProcess
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
GetCurrentThread
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
VirtualQuery
FreeLibrary
InitializeCriticalSection
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
SetConsoleCtrlHandler
LoadLibraryW
SetStdHandle
FlushFileBuffers
CreateFileA
WriteConsoleA
GetConsoleOutputCP
InterlockedExchange
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
SetEndOfFile
GetLocaleInfoW
GetTimeZoneInformation
SetEnvironmentVariableA
shlwapi
PathFileExistsA
Sections
.textbss   raw size: -       virtual size: 185KB
  IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_UNINITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.text      raw size: 392KB   virtual size: 391KB
  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata     raw size: 68KB    virtual size: 67KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data      raw size: 8KB     virtual size: 14KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.idata     raw size: 4KB     virtual size: 3KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc      raw size: 4KB     virtual size: 3KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.textbss occupies no bytes on disk but reserves 185KB of writable, executable memory at load time. That is the section the MSVC linker emits for incremental linking in debug builds, consistent with the debug\ PDB path above; it is not an unpacking stub, but it does hand the process a W+X region, which is worth keeping in mind when reading memory scans from the behavioral runs.
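The three static findings on this page (the Unsigned PE signature, IMAGE_FILE_RELOCS_STRIPPED in the file characteristics, and the writable+executable .textbss section) can be reproduced with a few dozen lines of header parsing. The script below is an added example, not code from the sandbox that produced this report or from the sample's author. Because the 480KB binary is not reproduced here, it builds a minimal PE32 header that mirrors the report's values (a constructed input, not the real file) and runs the checks against it; `parse_pe` and `triage` work unchanged on any real PE read from disk.

```python
"""Static PE triage: unsigned check, relocation flag and W+X section scan.

Added example. Parses PE headers directly with struct (no pefile dependency).
The sample PE is constructed to match the report's values, not the real binary.
"""
import struct

# Constants from winnt.h / the PE specification
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # Authenticode WIN_CERTIFICATE blob
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe(data: bytes) -> dict:
    """Return file characteristics, the security data directory and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    # IMAGE_FILE_HEADER (20 bytes) directly follows the "PE\0\0" signature
    (machine, nsections, _ts, _symtab, _nsyms, opt_size,
     characteristics) = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    dd_off = opt + (96 if magic == 0x10B else 112)      # PE32 vs PE32+ data directories
    num_dirs = struct.unpack_from("<I", data, dd_off - 4)[0]
    security = (0, 0)
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        security = struct.unpack_from("<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    off = opt + opt_size
    for _ in range(nsections):                          # 40-byte IMAGE_SECTION_HEADER each
        (name, vsize, _va, rawsize, _rawptr, _relptr, _lnptr, _nrel, _nln,
         flags) = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append((name.rstrip(b"\0").decode(), vsize, rawsize, flags))
        off += 40
    return {"machine": machine, "characteristics": characteristics,
            "security_dir": tuple(security), "sections": sections}


def triage(data: bytes) -> list:
    """Flag the findings listed in the report: unsigned, relocs stripped, W+X sections."""
    pe = parse_pe(data)
    findings = []
    # Empty security directory => no embedded Authenticode signature. Caveat: a
    # catalog-signed file looks identical, and a non-empty entry only proves a
    # signature is attached, not that it verifies (that needs WinVerifyTrust).
    if pe["security_dir"] == (0, 0):
        findings.append("Unsigned PE: security data directory is empty")
    if pe["characteristics"] & IMAGE_FILE_RELOCS_STRIPPED:
        findings.append("IMAGE_FILE_RELOCS_STRIPPED: image cannot be rebased, ASLR does not apply")
    for name, vsize, rawsize, flags in pe["sections"]:
        if flags & IMAGE_SCN_MEM_EXECUTE and flags & IMAGE_SCN_MEM_WRITE:
            findings.append(f"{name}: writable+executable section (raw {rawsize}, virtual {vsize})")
    return findings


def build_sample_pe(signed: bool = False) -> bytes:
    """Constructed PE32 header modelled on the report's values (not the real sample)."""
    sections = [
        (b".textbss", 185 * 1024, 0,
         IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_UNINITIALIZED_DATA
         | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
        (b".text", 391 * 1024, 392 * 1024,
         IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    ]
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                         # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224,
                           IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE
                           | IMAGE_FILE_32BIT_MACHINE)
    opt = bytearray(224)                                            # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)                             # NumberOfRvaAndSizes
    if signed:  # hypothetical WIN_CERTIFICATE at file offset 0x70000, 0x1234 bytes
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x70000, 0x1234)
    sect_tbl = b"".join(
        struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000 * (i + 1), rawsize, 0, 0, 0, 0, 0, flags)
        for i, (name, vsize, rawsize, flags) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + sect_tbl


if __name__ == "__main__":
    for line in triage(build_sample_pe()):
        print(line)
```

To run the same checks on the real sample, replace `build_sample_pe()` with `open(path, "rb").read()`; the constructed header exists only so the example runs offline.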