makop | 252465c176b85d4c80f79220bffbcf52693237ca12216a128d65568bef110952

Sharing

Copy URL Twitter E-mail

General

Target

252465c176b85d4c80f79220bffbcf52693237ca12216a128d65568bef110952
Size

49KB
MD5

b8d9f0b16c5ac6c716c703d3898eb8f0
SHA1

65546730f2100591ade4f83b5f90d8a83cd84998
SHA256

252465c176b85d4c80f79220bffbcf52693237ca12216a128d65568bef110952
SHA512

aa50c11118d0a302e621e9c04e68a03330b91500e5f0cf3db681668fa920c5499ec45c39f8877d71078f97004fa68a68eefbd2d1af33c4eeb631494b1ab5c358
SSDEEP

768:vaQRff5rB31aCytHLykiKPT3JATD2qBwV2ckjbnsb0Ah99De0YADodGtnhidVY4C:vas1318HxZATvnsblYOWwiDY4sx

Score

10^/10

makop

Malware Config

Signatures

MAKOP ransomware payload 1 IoCs

resource	yara_rule
sample	family_makop

Makop family
makop

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
252465c176b85d4c80f79220bffbcf52693237ca12216a128d65568bef110952

Files

252465c176b85d4c80f79220bffbcf52693237ca12216a128d65568bef110952
.exe windows:4 windows x86 arch:x86

b7b88f9fba96375d4eebc5d049319af3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetCloseEnum
WNetOpenEnumW
WNetEnumResourceW

kernel32

ReadFile
CreateFileW
GetFileSizeEx
MoveFileW
SetFileAttributesW
HeapAlloc
GetCurrentProcess
HeapFree
GetProcessHeap
GlobalAlloc
GlobalFree
GetVersion
PeekNamedPipe
GetProcAddress
LoadLibraryA
GetComputerNameW
SetEvent
CreateEventW
TerminateThread
SetFilePointerEx
GetFileType
GetModuleHandleA
DuplicateHandle
GetCurrentProcessId
ExitProcess
GetModuleHandleW
CreatePipe
LocalFree
GetCommandLineW
GetEnvironmentVariableW
CreateProcessW
GetLocaleInfoW
GetModuleFileNameW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetSystemWindowsDirectoryW
SetHandleInformation
GetTempPathW
GetTempFileNameW
CreateDirectoryW
GetStdHandle
WriteFile
Sleep
TryEnterCriticalSection
FindClose
GetLastError
GetFileAttributesW
GetLogicalDrives
WaitForSingleObject
CreateThread
GetVolumeInformationW
SetErrorMode
FindNextFileW
GetDriveTypeW
WaitForMultipleObjects
FindFirstFileW
TerminateProcess
DeleteCriticalSection
GetExitCodeProcess
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
CloseHandle
OpenProcess

user32

DialogBoxParamW
RegisterHotKey
PostMessageW
EndDialog
KillTimer
ShowWindow
wsprintfA
MessageBoxW
SetWindowTextA
SendMessageW
GetShellWindow
UnregisterHotKey
SetTimer
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
CloseClipboard
GetWindowTextA
EmptyClipboard
GetDlgItem
OpenClipboard
GetWindowThreadProcessId
ReleaseDC
SystemParametersInfoW
GetDC
DrawTextA
EnableWindow
SetClipboardData
wsprintfW

gdi32

SetTextColor
DeleteDC
GetDeviceCaps
GetDIBits
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontW
GetObjectW
DeleteObject
SelectObject
SetBkMode

advapi32

CryptGenRandom
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
DuplicateTokenEx
OpenProcessToken
SetTokenInformation
GetTokenInformation
CryptDecrypt
CryptAcquireContextW
CryptSetKeyParam
CryptReleaseContext
CryptImportKey
CryptEncrypt
CryptDestroyKey

shell32

ord680
ShellExecuteExW
CommandLineToArgvW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoTaskMemFree
CoUninitialize

msimg32

GradientFill

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7b88f9fba96375d4eebc5d049319af3

Headers

DLL Characteristics

File Characteristics

Imports

mpr

kernel32

user32

gdi32

advapi32

shell32

ole32

msimg32

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: - Virtual size: 80KB

.ndata Size: 11KB - Virtual size: 10KB

.rsrc Size: 1024B - Virtual size: 760B

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: - Virtual size: 80KB

.ndata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 1024B - Virtual size: 760B