Trojan-Ransom[.]Win32[.]GenericCryptor[.]czx-308e2d9a98066c0789a73be20246262b10d29d5b0859421ede2274af17a57190 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Trojan-Ransom.Win32.GenericCryptor.czx-308e2d9a98066c0789a73be20246262b10d29d5b0859421ede2274af17a57190
Size

467KB
MD5

4e573e2371d005c4b87d4f6d763531f2
SHA1

2b07fb3ec245aa24b2799a9d225207fcd2a0d56f
SHA256

308e2d9a98066c0789a73be20246262b10d29d5b0859421ede2274af17a57190
SHA512

05e3f12a871bcfad6eead8ef8636c98914beef04ec48a3ffcd13b103dfe132efb9649cb32eddc9f931852cbba21d41a0148ca99be4a749c1f16cafd580c0f228
SSDEEP

12288:olJ+TFukCI+P9CcrmwEuBwUqA5qFbAGTALHaspT:00U9CcrmwEPA5qFxT7CT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Trojan-Ransom.Win32.GenericCryptor.czx-308e2d9a98066c0789a73be20246262b10d29d5b0859421ede2274af17a57190

Files

Trojan-Ransom.Win32.GenericCryptor.czx-308e2d9a98066c0789a73be20246262b10d29d5b0859421ede2274af17a57190
.exe windows:5 windows x86 arch:x86

46b9336adb2f672dcc7203d78b439246

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\PMS\pms4\Project(20131004)\GolfProject\bin\GolfProject.pdb

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

DestroyMenu

advapi32

RegQueryValueExW

shell32

ShellExecuteW

ws2_32

recv

iphlpapi

GetAdaptersInfo

oleacc

LresultFromObject

gdi32

DeleteDC

winspool.drv

DocumentPropertiesW

oleaut32

VariantClear

Sections

.text
Size: 456KB - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE