makop | 92cc252d8eebc2d64aaf63f383eb549e46d115409ec2d537a3ff935b3f1ff40b

Sharing

Copy URL

Twitter E-mail

General

Target

92cc252d8eebc2d64aaf63f383eb549e46d115409ec2d537a3ff935b3f1ff40b
Size

42KB
MD5

c3eb80e8aa150aa10b82a5975c17a116
SHA1

3d8e7c04891606b47c27e8225c27f385de3100e5
SHA256

92cc252d8eebc2d64aaf63f383eb549e46d115409ec2d537a3ff935b3f1ff40b
SHA512

b676cfef912f24aa2e96ca2bc0b73e808702450f1d4439498f0ccd53248f4b6d88fa753d09e155da5d08bf3d77d794c36a16678774402f327263a3175c5e520d
SSDEEP

768:5O1oR/fVS1RzK4wbs+D/SIJX+ZZ1SQQwZuIOPzDX5aBd69O59GKbup7IU5F:5FS1FKnDtkuImX4jHGKbj8

Score

10^/10

makop

Malware Config

Signatures

MAKOP ransomware payload 1 IoCs

resource	yara_rule
sample	family_makop

Makop family
makop

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
92cc252d8eebc2d64aaf63f383eb549e46d115409ec2d537a3ff935b3f1ff40b

Files

92cc252d8eebc2d64aaf63f383eb549e46d115409ec2d537a3ff935b3f1ff40b
.exe windows:4 windows x86 arch:x86

364f4eb85abb3fe033aa9cfae7ac6b24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW

kernel32

ReadFile
CreateFileW
GetFileSizeEx
MoveFileW
SetFileAttributesW
HeapAlloc
GetCurrentProcess
HeapFree
GetProcessHeap
GetVersion
GetProcAddress
LoadLibraryA
GetCurrentProcessId
OpenProcess
SetFilePointerEx
GetModuleHandleA
DuplicateHandle
ExitProcess
GetEnvironmentVariableW
CreateProcessW
CreatePipe
LocalFree
GetCommandLineW
Process32NextW
CreateMutexA
CreateToolhelp32Snapshot
GetLocaleInfoW
GetModuleFileNameW
Process32FirstW
GetSystemWindowsDirectoryW
SetHandleInformation
GetTempPathW
GetTempFileNameW
CreateDirectoryW
WriteFile
Sleep
FindClose
GetLastError
GetFileAttributesW
GetLogicalDrives
WaitForSingleObject
CreateThread
GetVolumeInformationW
SetErrorMode
FindNextFileW
GetDriveTypeW
WaitForMultipleObjects
FindFirstFileW
TerminateProcess
DeleteCriticalSection
GetExitCodeProcess
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
CloseHandle
GetFileType
PeekNamedPipe

user32

wsprintfA
GetShellWindow
wsprintfW
GetWindowThreadProcessId
ReleaseDC
SystemParametersInfoW
DrawTextA
GetDC

gdi32

CreateFontW
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
SetBkMode
DeleteDC
SetTextColor
GetObjectW
GetDeviceCaps
GetDIBits

advapi32

CryptGenRandom
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
DuplicateTokenEx
OpenProcessToken
SetTokenInformation
GetTokenInformation
CryptDecrypt
CryptDestroyKey
CryptAcquireContextW
CryptSetKeyParam
CryptReleaseContext
CryptImportKey
CryptEncrypt

shell32

ord680
CommandLineToArgvW
SHGetSpecialFolderPathW

msimg32

GradientFill

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

364f4eb85abb3fe033aa9cfae7ac6b24

Headers

DLL Characteristics

File Characteristics

Imports

mpr

kernel32

user32

gdi32

advapi32

shell32

msimg32

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: - Virtual size: 72KB

.ndata Size: 11KB - Virtual size: 10KB

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: - Virtual size: 72KB

.ndata
Size: 11KB - Virtual size: 10KB