Ransomware[.]Mischa[.]v2[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Ransomware.Mischa.v2.zip
Size

165KB
MD5

9f3ca0e1d356ccf73463d5b7cc1ef865
SHA1

bd0cfbb6889070164fc70b88de704efe62618b72
SHA256

e68204caf9924bd6ff9da3b1252592b46ee6f19887713d8f563cf152148764d9
SHA512

f6c514891598acf16e50caf7caddae2fbfb175de37b296b884bf0a75f782a89b52b9e276dd85e13345a19f88b06076b9ab1909ac085775b6bd54393e2a28cbde
SSDEEP

3072:PeUUyhHPfhcmW200RZN/onUggE5p4m92Ee5o0sMjWtjA1z2gya/Ckha:mwhe0RZeYE592lmpMjJ6anha

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Ransomware.Mischa.v2.exe

Files

Ransomware.Mischa.v2.zip
.zip

Password: infected
Ransomware.Mischa.v2.exe
.exe windows:6 windows x86 arch:x86

f49f0205185750caf2c9a1ab85519307

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ScriptedSandbox32.pdb

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

kernel32

GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
LoadLibraryExW
GetProcAddress
SizeofResource
LockResource
LoadResource
FindResourceW
FlushInstructionCache
CompareStringOrdinal
RaiseFailFastException
CloseHandle
ReadFile
WriteFile
CreatePipe
CreateThread
OpenProcess
GetModuleHandleW
DecodePointer
SetEvent
GetTempPathW
GetTempFileNameW
ReadProcessMemory
CreateEventW
WaitForSingleObject
WaitForMultipleObjects
ExitProcess
GetCurrentProcessId
GetVersion
GetCurrentProcess
SetLastError
GetCurrentThreadId
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
RaiseException
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
FindResourceExW
FindAtomW
AddAtomW
LoadLibraryW
GetFileAttributesW
VirtualFree
VirtualAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReadConsoleW
SetEndOfFile
WriteConsoleW
FlushFileBuffers
SetStdHandle
CreateFileW
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
RtlUnwind
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
GetFileType
GetStdHandle
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
GetCommandLineW

gdi32

CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
GetObjectW
GetDeviceCaps

user32

CallWindowProcW
InvalidateRect
GetDC
ReleaseDC
GetDesktopWindow
DestroyAcceleratorTable
GetWindowLongW
SetWindowLongW
DefWindowProcW
LoadCursorW
RegisterClassExW
UnregisterClassW
IsWindow
IsChild
GetFocus
SetFocus
GetWindow
PostMessageW
AttachThreadInput
InvalidateRgn
GetClientRect
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
GetParent
ClientToScreen
CreateAcceleratorTableW
DestroyWindow
CreateWindowExW
GetClassInfoExW
SetTimer
KillTimer
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetParent
GetAsyncKeyState
GetGUIThreadInfo
GetWindowThreadProcessId
SetProcessDPIAware
PostThreadMessageW
DispatchMessageW
TranslateMessage
PostQuitMessage
GetMessageW
GetDoubleClickTime
AllowSetForegroundWindow
GetMonitorInfoW
MonitorFromPoint
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
BeginPaint
EndPaint
GetDlgItem
SendMessageW
GetClassNameW
GetSysColor
CharNextW
SetWindowPos
RedrawWindow

ole32

OleLockRunning
CoTaskMemFree
CoCreateInstance
CoGetClassObject
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
StringFromGUID2
CoTaskMemAlloc
CoInitializeEx
CoReleaseServerProcess
CoAddRefServerProcess
CoUninitialize
CoInitialize
IIDFromString
CreateBindCtx
CLSIDFromString
CLSIDFromProgID
CoGetMalloc

oleaut32

SysStringLen
SysFreeString
SysAllocString
OleCreateFontIndirect
SysStringByteLen
SysAllocStringByteLen
DispCallFunc
VariantChangeType
VarBstrCat
SysAllocStringLen
VariantInit
LoadTypeLi
LoadRegTypeLi
VariantClear

shlwapi

PathFindFileNameW
StrStrW
ord12

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wer

WerReportAddFile
WerReportCloseHandle
WerReportSubmit
WerReportSetParameter
WerReportCreate

urlmon

CreateUri

Sections

.text
Size: 249KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 829B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.xxxx
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

f49f0205185750caf2c9a1ab85519307

Headers

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

ole32

oleaut32

shlwapi

version

wer

urlmon

Sections

.text Size: 249KB - Virtual size: 249KB

.data Size: 7KB - Virtual size: 16KB

.idata Size: 6KB - Virtual size: 5KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1024B - Virtual size: 829B

.reloc Size: 14KB - Virtual size: 13KB

.xxxx Size: 512B - Virtual size: 4KB

.text
Size: 249KB - Virtual size: 249KB

.data
Size: 7KB - Virtual size: 16KB

.idata
Size: 6KB - Virtual size: 5KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1024B - Virtual size: 829B

.reloc
Size: 14KB - Virtual size: 13KB

.xxxx
Size: 512B - Virtual size: 4KB