J:\Win32Project9\Release\Win32Project9.pdb
Static task
static1
Behavioral tasks
behavioral1 Sample: Ransomware.7ev3n.exe - Resource: win7-20240215-en
behavioral2 Sample: Ransomware.7ev3n.exe - Resource: win10v2004-20240221-en
behavioral3 Sample: Ransomware.BadRabbit.exe - Resource: win7-20240221-en
behavioral4 Sample: Ransomware.BadRabbit.exe - Resource: win10v2004-20240221-en
behavioral5 Sample: Ransomware.CoronaVirus.exe - Resource: win7-20240221-en
behavioral6 Sample: Ransomware.CoronaVirus.exe - Resource: win10v2004-20240221-en
behavioral7 Sample: Ransomware.CryptoLocker.exe - Resource: win7-20240221-en
behavioral8 Sample: Ransomware.CryptoLocker.exe - Resource: win10v2004-20240221-en
behavioral9 Sample: MalwareCollection-master/Ransomware/Ransomware.NoMoreRansom.zip - Resource: win7-20240220-en
behavioral10 Sample: MalwareCollection-master/Ransomware/Ransomware.NoMoreRansom.zip - Resource: win10v2004-20240221-en
behavioral11 Sample: MalwareCollection-master/Ransomware/Ransomware.WannaCrypt0r.v1.zip - Resource: win7-20240221-en
behavioral12 Sample: MalwareCollection-master/Ransomware/Ransomware.WannaCrypt0r.v1.zip - Resource: win10v2004-20240221-en
behavioral13 Sample: MalwareCollection-master/Trojan/Trojan.000.zip - Resource: win7-20240221-en
behavioral14 Sample: MalwareCollection-master/Trojan/Trojan.000.zip - Resource: win10v2004-20240221-en
behavioral15 Sample: MalwareCollection-master/Trojan/Trojan.MEMZ-4.0.zip - Resource: win7-20240221-en
behavioral16 Sample: MalwareCollection-master/Trojan/Trojan.MEMZ-4.0.zip - Resource: win10v2004-20240221-en
behavioral17 Sample: MalwareCollection-master/Worm/Email-Worm/Email-Worm.Mylife.A.zip - Resource: win7-20240221-en
behavioral18 Sample: MalwareCollection-master/Worm/Email-Worm/Email-Worm.Mylife.A.zip - Resource: win10v2004-20240221-en
General
Target: MalwareCollection-master.zip
Size: 57.3MB
MD5: b59aed5137772e644e29ad334dba17e0
SHA1: a2e545bbe058bddee0f7af68e21c3471d4abc3ab
SHA256: c6a916c33096cd488ca57c28863c433cf5279128aa50ea156761bab6444f4937
SHA512: daaa8ff6ddb53cb2c3c0218f73be43807982b13f0b5893a322bdd719e0f208b7b98586d0516b04e2e0f36c7dea45dde3fa8423c421f7d82cb9dbb14e3cede525
SSDEEP: 1572864:9j/A/cygNPTitKk8Gq4+/34speZ0jqmhkv71Cg8a6Egs5:Z/ZygNPTitKkRqh/34sprj3q1C31Egs5
Malware Config
Signatures
Unsigned PE (3 IoCs)
Checks for missing Authenticode signature.
resource: unpack002/Ransomware.7ev3n.exe, unpack006/Ransomware.CoronaVirus.exe, unpack008/Ransomware.CryptoLocker.exe
Files
MalwareCollection-master.zip.zip
Password: 3
MalwareCollection-master/LICENSE
MalwareCollection-master/README.md
MalwareCollection-master/Ransomware/Ransomware.7ev3n.zip.zip
Password: infected
Ransomware.7ev3n.exe.exe windows:6 windows x86 arch:x86
Password: 3
008aca28b7c001acc5e0ab32fabaad84
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetCurrentProcess
ExitThread
SetEndOfFile
CreateFileW
HeapSize
WriteConsoleW
ReadConsoleW
SetStdHandle
FindFirstFileExW
FindClose
GetProcAddress
GetCommandLineW
GetCommandLineA
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
SetFilePointerEx
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WinExec
CreateProcessA
GetStartupInfoA
GetModuleFileNameW
CopyFileA
GetFileAttributesA
GetModuleFileNameA
FindNextFileW
GetLocalTime
FindFirstFileW
CreateThread
GetModuleHandleW
Sleep
GetLogicalDrives
VerifyVersionInfoW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileAttributesExW
GetExitCodeProcess
WaitForSingleObject
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
CloseHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
GetLastError
FreeLibrary
LoadLibraryExW
RaiseException
RtlUnwind
MoveFileExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetACP
HeapAlloc
HeapReAlloc
HeapFree
VerSetConditionMask
user32
ShowWindow
SendMessageW
FindWindowW
DrawTextA
CallNextHookEx
GetAsyncKeyState
DefWindowProcW
PostQuitMessage
DestroyWindow
KillTimer
InvalidateRect
SetTimer
EndPaint
SetWindowsHookExW
DrawTextW
BeginPaint
GetSystemMetrics
ShowCursor
DispatchMessageW
TranslateMessage
GetMessageW
SetForegroundWindow
SetWindowLongW
SetWindowPos
CreateWindowExW
RegisterClassExW
LoadCursorW
gdi32
MoveToEx
CreatePen
DeleteObject
SetTextColor
SetBkMode
SelectObject
CreateFontIndirectW
CreateSolidBrush
LineTo
advapi32
SystemFunction036
GetUserNameA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetUserNameW
shell32
ord680
wininet
InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle
netapi32
NetUserGetInfo
Sections
.text Size: 174KB - Virtual size: 174KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 122KB - Virtual size: 121KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 840B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MalwareCollection-master/Ransomware/Ransomware.BadRabbit.zip.zip
Password: infected
Ransomware.BadRabbit.exe.exe windows:5 windows x86 arch:x86
Password: 3
e3bda9df66f1f9b2b9b7b068518f2af1
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 21-12-2012 00:00
Not After: 30-12-2020 23:59
Subject: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate
Issuer: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Not Before: 18-10-2012 00:00
Not After: 29-12-2020 23:59
Subject: CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0e:bf:ea:68:d6:77:b3:e2:6c:ab:41:c3:3f:3e:69:de
Certificate
Issuer: CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US
Not Before: 16-12-2016 00:00
Not After: 17-12-2017 23:59
Subject: CN=Symantec Corporation,OU=STAR Security Engines,O=Symantec Corporation,L=Mountain View,ST=California,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
Not Before: 08-02-2010 00:00
Not After: 07-02-2020 23:59
Subject: CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
2e:6b:e6:bd:11:a8:67:6e:6c:57:90:9e:9b:0d:5f:57
Certificate
Issuer: CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Not Before: 15-03-2017 00:00
Not After: 13-04-2018 23:59
Subject: CN=Symantec Corporation,OU=STAR Security Engines,O=Symantec Corporation,L=Mountain View,ST=California,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8
Certificate
Issuer: CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
Not Before: 22-07-2014 00:00
Not After: 21-07-2024 23:59
Subject: CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate
Issuer: CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
Not Before: 12-01-2016 00:00
Not After: 11-01-2031 23:59
Subject: CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate
Issuer: CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Not Before: 02-01-2017 00:00
Not After: 01-04-2028 23:59
Subject: CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
c9:13:30:16:a3:e5:cf:bf:b1:aa:8b:50:d1:16:0f:a5:35:73:41:3d:4f:81:f8:71:05:4e:c7:39:6d:5a:8b:17
Signer
Actual PE Digest: c9:13:30:16:a3:e5:cf:bf:b1:aa:8b:50:d1:16:0f:a5:35:73:41:3d:4f:81:f8:71:05:4e:c7:39:6d:5a:8b:17
Digest Algorithm: sha256
PE Digest Matches: false
bd:ae:90:d3:3b:42:bf:69:31:7c:f4:d9:c1:9d:fd:c2:69:86:ca:f0
Signer
Actual PE Digest: bd:ae:90:d3:3b:42:bf:69:31:7c:f4:d9:c1:9d:fd:c2:69:86:ca:f0
Digest Algorithm: sha1
PE Digest Matches: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
GetCommandLineW
GetFileSize
CreateProcessW
HeapAlloc
HeapFree
GetModuleHandleW
GetProcessHeap
WriteFile
GetSystemDirectoryW
ReadFile
GetModuleFileNameW
CreateFileW
lstrcatW
CloseHandle
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
user32
wsprintfW
shell32
CommandLineToArgvW
msvcrt
wcsstr
memcpy
free
malloc
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 828B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 590B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MalwareCollection-master/Ransomware/Ransomware.CoronaVirus.zip.zip
Password: infected
Ransomware.CoronaVirus.exe.exe windows:5 windows x86 arch:x86
Password: 3
d761cb0531b62176dc524988b5963190
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcAddress
CloseHandle
CreateFileW
HeapReAlloc
HeapSize
GlobalAlloc
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetProcessHeap
SetStdHandle
SetEnvironmentVariableA
GetThreadPriority
SetFilePointerEx
LoadLibraryA
SetEvent
ResetEvent
CreateEventA
GetEnvironmentStrings
GetConsoleWindow
SetEndOfFile
GetPriorityClass
FreeLibrary
EnumDateFormatsA
GetCurrentThread
GetLastError
GlobalAddAtomA
WaitForSingleObject
SetThreadPriority
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
GetCurrentProcess
FindNextFileA
FindFirstFileExA
FindClose
DecodePointer
GetStringTypeW
LCMapStringW
CompareStringW
CreateThread
WaitForSingleObjectEx
OutputDebugStringW
HeapAlloc
HeapFree
GetACP
WideCharToMultiByte
MultiByteToWideChar
ExitProcess
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameW
GetModuleFileNameA
GetFileType
GetStdHandle
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwind
RaiseException
EncodePointer
GlobalFree
GlobalLock
GlobalUnlock
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
BuildCommDCBA
SetCommTimeouts
SetCommState
GetCommTimeouts
GetCommState
WriteFile
ReadFile
FlushFileBuffers
CreateFileA
GetModuleHandleA
CreateEventW
SetPriorityClass
user32
SetClipboardData
GetClipboardData
EmptyClipboard
IsDlgButtonChecked
DefWindowProcA
TranslateMessage
RegisterWindowMessageW
ReleaseDC
EndPaint
CloseClipboard
OpenClipboard
DestroyWindow
ShowWindow
SetClassLongA
WindowFromDC
GetDesktopWindow
GetDlgItem
SendMessageA
LoadIconA
CheckMenuItem
GetCursorPos
BeginPaint
GetMessageW
CreateDialogParamW
GetDC
EndDialog
DialogBoxParamA
wsprintfA
OffsetRect
DispatchMessageW
TrackMouseEvent
SetWindowTextA
MessageBoxA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
SetWindowPos
IsIconic
GetWindowRect
AdjustWindowRectEx
ShowCursor
ClientToScreen
CopyRect
GetWindowLongA
SetWindowLongA
GetMonitorInfoA
EnumDisplayMonitors
GetSystemMetrics
LoadCursorA
ScreenToClient
SetRect
GetMessageA
DispatchMessageA
PeekMessageA
GetMessagePos
PostQuitMessage
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
UpdateWindow
SetActiveWindow
GetUpdateRect
InvalidateRect
ChildWindowFromPoint
MonitorFromWindow
ChangeDisplaySettingsExA
EnumDisplaySettingsA
SetCursorPos
SetCursor
GetClientRect
gdi32
ChoosePixelFormat
BitBlt
SelectObject
CreateDIBSection
GetTextExtentPoint32A
CreateCompatibleDC
GetNearestPaletteIndex
DeleteDC
SetViewportOrgEx
DeleteObject
CreateDCA
GetDeviceCaps
SetPixelFormat
DescribePixelFormat
SwapBuffers
GetPixelFormat
comdlg32
GetOpenFileNameA
FindTextW
advapi32
RegQueryValueExA
OpenSCManagerA
ControlService
RegOpenKeyA
OpenServiceA
RegCloseKey
RegOpenKeyExA
shell32
ord63
DragQueryFileA
ord62
DragFinish
ole32
CreateStreamOnHGlobal
oleaut32
CreateTypeLib2
CreateTypeLi
odbc32
ord157
ord156
ord155
opengl32
wglGetCurrentDC
glScissor
glDisableClientState
glMatrixMode
glBlendFunc
glLoadIdentity
glTexParameteri
glDeleteTextures
glPopMatrix
glViewport
glEnableClientState
glPopAttrib
glPolygonMode
glBindTexture
glGenTextures
glVertexPointer
glNormalPointer
glGetFloatv
glDrawArrays
glVertex2f
glTranslatef
glPushClientAttrib
glPopClientAttrib
glBitmap
glVertex2i
glRasterPos2i
glEnd
glColor4fv
glColor4f
glBegin
glGetString
glGetError
glGetBooleanv
glReadBuffer
glDrawBuffer
glFlush
wglMakeCurrent
wglGetProcAddress
wglGetCurrentContext
wglDeleteContext
wglCreateContext
glClearColor
glTexCoordPointer
glClear
glGetIntegerv
glPushAttrib
glOrtho
glPixelStorei
glPushMatrix
glDisable
glDrawElements
glTexEnvi
glColorPointer
glTexImage2D
glGetTexEnviv
glEnable
winmm
joyGetDevCapsA
timeBeginPeriod
timeEndPeriod
timeGetTime
joyGetPosEx
gdiplus
GdipCreateBitmapFromStream
GdipSaveImageToStream
GdipFree
GdipDisposeImage
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipCloneImage
ws2_32
closesocket
avifil32
AVIMakeCompressedStream
rpcrt4
UuidCreate
UuidToStringW
dbghelp
EnumerateLoadedModules
comsvcs
CoCreateActivity
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
Sections
.text Size: 563KB - Virtual size: 563KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 213KB - Virtual size: 212KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 37KB - Virtual size: 444KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 280B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 218KB - Virtual size: 218KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MalwareCollection-master/Ransomware/Ransomware.CryptoLocker.zip.zip
Password: infected
Ransomware.CryptoLocker.exe.exe windows:5 windows x86 arch:x86
Password: 3
7e8ad4139efc6cbcf31df3bc4b291dd8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_except_handler3
memcpy
memmove
_vsnprintf
_vsnwprintf
_purecall
memset
kernel32
LoadLibraryW
FreeLibrary
GetProcAddress
WideCharToMultiByte
MultiByteToWideChar
lstrcmpA
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
CreateMutexW
ReleaseMutex
FindResourceExW
LoadResource
SizeofResource
LockResource
CreateProcessW
SetFilePointerEx
FindNextFileW
SystemTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTime
GetDateFormatW
GetTimeFormatW
GetCurrentThreadId
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
GetEnvironmentVariableW
CopyFileExW
GetUserDefaultUILanguage
DeleteCriticalSection
FindClose
FindFirstFileW
DeleteFileW
GetFileTime
SetLastError
GetFileSizeEx
FlushFileBuffers
ReadFile
WriteFile
SetFileTime
ResumeThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
QueryPerformanceCounter
SetFileAttributesW
CreateFileW
GetFileAttributesW
Sleep
GetTickCount
MoveFileExW
ExpandEnvironmentStringsW
GetVolumeInformationW
GetDiskFreeSpaceExW
WaitForMultipleObjects
ResetEvent
GetTempPathW
GetLogicalDrives
GetDriveTypeW
LocalFree
CloseHandle
CreateEventW
GetLastError
GetHandleInformation
SetThreadPriority
GetModuleFileNameW
GetCurrentThread
GetModuleHandleW
SetEvent
GetComputerNameW
WaitForSingleObject
SetErrorMode
GetCommandLineW
ExitProcess
CreateThread
user32
MessageBoxIndirectW
InSendMessage
ClientToScreen
GetWindowLongW
GetClassNameW
GetCaretPos
TrackPopupMenu
AppendMenuW
GetCursorPos
CreatePopupMenu
SetMenuDefaultItem
DestroyMenu
LoadIconW
CloseClipboard
EmptyClipboard
OpenClipboard
SetClipboardData
SystemParametersInfoW
ScrollWindowEx
GetSystemMetrics
UpdateWindow
SetScrollInfo
MessageBoxW
EndPaint
ScreenToClient
GetWindowRect
DrawTextW
GetParent
GetClientRect
IsDialogMessageW
DestroyWindow
BeginPaint
DrawFocusRect
IntersectRect
GetDlgItem
SendMessageW
GetDlgCtrlID
SetWindowTextW
MoveWindow
GetDC
ReleaseDC
CharLowerW
PostQuitMessage
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageW
DispatchMessageW
SetTimer
PostMessageW
SetFocus
RegisterClassExW
FlashWindowEx
InvalidateRect
GetWindowTextW
MonitorFromWindow
SetWindowPos
ShowWindow
GetForegroundWindow
AdjustWindowRectEx
IsWindowVisible
GetMonitorInfoW
DefWindowProcW
DialogBoxParamW
SetWindowLongW
EndDialog
CreateDialogParamW
MonitorFromPoint
UnregisterClassW
SetForegroundWindow
GetKeyState
ReplyMessage
GetScrollInfo
CreateWindowExW
advapi32
CryptAcquireContextW
RegSetValueExW
RegEnumKeyExW
RegFlushKey
CryptSetKeyParam
CryptGetKeyParam
CryptReleaseContext
CryptImportKey
CryptEncrypt
CryptGenKey
CryptDestroyKey
CryptDecrypt
CryptGetHashParam
CryptCreateHash
CryptDestroyHash
CryptHashData
RegCreateKeyExW
RegCloseKey
CryptExportKey
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
shell32
SHGetFileInfoW
SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW
uxtheme
SetWindowTheme
gdi32
GetDeviceCaps
CreateSolidBrush
GetObjectW
CreateCompatibleDC
SelectObject
DeleteObject
SetBkMode
SetBkColor
DeleteDC
SetTextColor
GetObjectA
CreateFontIndirectW
comctl32
InitCommonControlsEx
ord413
ord410
shlwapi
StrCmpW
StrCmpNW
StrCmpIW
PathMatchSpecW
PathRemoveBackslashW
PathAddBackslashW
ord12
PathFindFileNameW
PathRemoveFileSpecW
PathUnquoteSpacesW
StrChrW
PathQuoteSpacesW
msimg32
AlphaBlend
winhttp
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpWriteData
WinHttpOpenRequest
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpOpen
gdiplus
GdipAlloc
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipCloneImage
GdiplusStartup
GdipDeleteBrush
GdipCreateBitmapFromStream
GdipCreateFontFromLogfontA
GdipSetStringFormatLineAlign
GdipDeleteFont
GdipDeleteGraphics
GdipDrawImageRectI
GdipSetStringFormatAlign
GdipCreateSolidFill
GdipDrawString
GdipCreateFromHDC
GdipSetStringFormatHotkeyPrefix
GdipCreateStringFormat
GdipDeleteStringFormat
GdipCreateFontFromDC
GdipGetImageHeight
GdipGetImageWidth
GdiplusShutdown
GdipFree
GdipCloneBrush
ole32
CoInitializeEx
CoUninitialize
CoTaskMemFree
StringFromGUID2
crypt32
CryptImportPublicKeyInfo
CryptStringToBinaryA
CryptDecodeObjectEx
Sections
.text Size: 63KB - Virtual size: 62KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 248KB - Virtual size: 247KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MalwareCollection-master/Ransomware/Ransomware.CryptoWall.zip.zip
MalwareCollection-master/Ransomware/Ransomware.GoldenEye.zip.zip
MalwareCollection-master/Ransomware/Ransomware.InfinityCrypt.zip.zip
MalwareCollection-master/Ransomware/Ransomware.Jigsaw.zip.zip
MalwareCollection-master/Ransomware/Ransomware.Locky.zip.zip
MalwareCollection-master/Ransomware/Ransomware.Mischa.v2.zip.zip
MalwareCollection-master/Ransomware/Ransomware.Mischa.zip.zip
MalwareCollection-master/Ransomware/Ransomware.NoMoreRansom.zip.zip
MalwareCollection-master/Ransomware/Ransomware.NotPetya.zip.zip
MalwareCollection-master/Ransomware/Ransomware.Petya.A.zip.zip
MalwareCollection-master/Ransomware/Ransomware.Satana.zip.zip
MalwareCollection-master/Ransomware/Ransomware.WannaCrypt0r.v1.zip.zip
MalwareCollection-master/Ransomware/Ransomware.WannaCrypt0r.v2.zip.zip
MalwareCollection-master/Trojan/Trojan.000.zip.zip
MalwareCollection-master/Trojan/Trojan.ANA.zip.zip
MalwareCollection-master/Trojan/Trojan.BUG32.zip.zip
MalwareCollection-master/Trojan/Trojan.Bonzify.zip.zip
MalwareCollection-master/Trojan/Trojan.BossDaMajor.zip.zip
MalwareCollection-master/Trojan/Trojan.ColorBug.zip.zip
MalwareCollection-master/Trojan/Trojan.DesktopPuzzle.zip.zip
MalwareCollection-master/Trojan/Trojan.MEMZ-3.0.zip.zip
MalwareCollection-master/Trojan/Trojan.MEMZ-4.0-Clean.zip.zip
MalwareCollection-master/Trojan/Trojan.MEMZ-4.0.zip.zip
MalwareCollection-master/Trojan/Trojan.MrsMajor2.0.zip.zip
MalwareCollection-master/Trojan/Trojan.MrsMajor3.0.zip.zip
MalwareCollection-master/Trojan/Trojan.NoEscape.zip.zip
MalwareCollection-master/Trojan/Trojan.RegFuck.zip.zip
MalwareCollection-master/Trojan/Trojan.Stuxnet.zip.zip
MalwareCollection-master/Trojan/Trojan.TaskILL.zip.zip
MalwareCollection-master/Trojan/Trojan.WaffMEMZ-1.0.zip.zip
MalwareCollection-master/Trojan/Trojan.YouAreAnIdiot.zip.zip
MalwareCollection-master/Virus/Virus.9X.WinNuke.zip.zip
MalwareCollection-master/Virus/Virus.AIDS.A.zip.zip
MalwareCollection-master/Virus/Virus.CIH.zip.zip
MalwareCollection-master/Virus/Virus.DOS.Brain.A.zip.zip
MalwareCollection-master/Virus/Virus.DOS.Brain.C.zip.zip
MalwareCollection-master/Virus/Virus.DOS.Brain.D.zip.zip
MalwareCollection-master/Virus/Virus.DOS.Brain.E.zip.zip
MalwareCollection-master/Virus/Virus.DOS.Brain.F.zip.zip
MalwareCollection-master/Virus/Virus.DOS.Brain.G.zip.zip
MalwareCollection-master/Virus/Virus.Melissa.zip.zip
MalwareCollection-master/Virus/Virus.Win32.CIH.zip.zip
MalwareCollection-master/Worm/Email-Worm/Email-Worm.AnnaKournikova.zip.zip
MalwareCollection-master/Worm/Email-Worm/Email-Worm.Magistr.zip.zip
MalwareCollection-master/Worm/Email-Worm/Email-Worm.MyDoom.A.zip.zip
MalwareCollection-master/Worm/Email-Worm/Email-Worm.MyDoom.L.zip.zip
MalwareCollection-master/Worm/Email-Worm/Email-Worm.MyDoom.M.zip.zip
MalwareCollection-master/Worm/Email-Worm/Email-Worm.MyDoom.NF.zip.zip
MalwareCollection-master/Worm/Email-Worm/Email-Worm.MyDoom.Q.zip.zip
MalwareCollection-master/Worm/Email-Worm/Email-Worm.Mylife.A.zip.zip
MalwareCollection-master/Worm/Email-Worm/Email-Worm.NakedWife.zip.zip
MalwareCollection-master/Worm/Email-Worm/Email-Worm.Nyxem.E.zip.zip
MalwareCollection-master/Worm/Net-Worm/Net-Worm.Sasser.zip.zip
MalwareCollection-master/Worm/Worm.Blaster.A.zip.zip
MalwareCollection-master/Worm/Worm.Blaster.E.zip.zip
MalwareCollection-master/Worm/Worm.CodeRed.A.zip.zip
MalwareCollection-master/Worm/Worm.ILOVEYOU.zip.zip
MalwareCollection-master/Worm/Worm.Klez.E.zip.zip
MalwareCollection-master/Worm/Worm.NetSky.B.zip.zip
MalwareCollection-master/Worm/Worm.Pikachu.zip.zip