ransomware[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ransomware.rar
Size

2.9MB
MD5

7e627396919a7079fd35a012cb46e703
SHA1

66c252a0806bcc41d5e02286b4ae531642408e6f
SHA256

73334278860661415bada0b71624b75742a4682cf671a02a8b46251a0913693e
SHA512

2c11359ef8ee2f2ea0962602eaf360e44a77df83d7cd1541ce3ae94e9a2bca466cbe7a317a4d92f5fa063d49d50525f246c88c1d57c377f0e282d8452cc514a2
SSDEEP

49152:5YtbFd+FwSjhWaqv7yBSw9i4b1g8lDZxu0TR9TlqdqjxaJWqj:mkwSVef4NDW8qEOR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ransomware/Mercurial.exe

Files

ransomware.rar
.rar
ransomware/Mercurial.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\css\source\Mercurial Free\Mercurial\obj\Release\Mercurial.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ransomware/key.txt