2024-02-13_801134871d944957959f541ce4e7dc13_ransomlock | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-13_801134871d944957959f541ce4e7dc13_ransomlock
Size

1.3MB
MD5

801134871d944957959f541ce4e7dc13
SHA1

1e79f53a027b6aa921934ed43672cabcc5e3ed60
SHA256

acef67fef3279db0b0c7bec48baa445674c9d9abd5648a560b66fdc1e0f05a6e
SHA512

69d7833971481fdec756f8a0733f53a40cd73545d77671e5236760b2518062ddd84b5a6cc67d47482dda069a396dd08aaf583116f2aa1d0ae275ab4d91d0973e
SSDEEP

24576:Aw8gCCgWDAe1wLiBnGHpq0Iylpn0oCcTQ0EbO:x8g3nuEUr0rcT8O

Score

10^/10

Malware Config

Signatures

Detects executables embedding registry key / value combination indicative of disabling Windows Defender features 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_DisableWinDefender

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-13_801134871d944957959f541ce4e7dc13_ransomlock

Files

2024-02-13_801134871d944957959f541ce4e7dc13_ransomlock
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 260KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ