J:\Win32Project9\Release\Win32Project9.pdb
Static task
static1
Behavioral task
behavioral1
Sample
ransomwares/7ev3n/7ev3n.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ransomwares/7ev3n/7ev3n.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
ransomwares/Annabelle/Annabelle.exe
Resource
win7-20240215-en
Behavioral task
behavioral4
Sample
ransomwares/Annabelle/Annabelle.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
ransomwares/BadRabbit/BadRabbit.exe
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
ransomwares/BadRabbit/BadRabbit.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
ransomwares/Birele/Birele.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral8
Sample
ransomwares/Cerber 5/Cerber 5.exe
Resource
win7-20240221-en
Behavioral task
behavioral9
Sample
ransomwares/Cerber 5/Cerber 5.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral10
Sample
ransomwares/Darkside/Darkside.exe
Resource
win7-20240221-en
Behavioral task
behavioral11
Sample
ransomwares/Darkside/Darkside.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral12
Sample
ransomwares/DeriaLock/DeriaLock.exe
Resource
win7-20240221-en
Behavioral task
behavioral13
Sample
ransomwares/DeriaLock/DeriaLock.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral14
Sample
ransomwares/Fake GoldenEye/FakeGoldenEye.exe
Resource
win7-20240215-en
Behavioral task
behavioral15
Sample
ransomwares/Fake GoldenEye/FakeGoldenEye.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral16
Sample
ransomwares/Fake PetrWrap/FakePetrWrap.exe
Resource
win7-20231129-en
Behavioral task
behavioral17
Sample
ransomwares/Fake PetrWrap/FakePetrWrap.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral18
Sample
ransomwares/FakePetya/FakePetya.exe
Resource
win7-20240221-en
Behavioral task
behavioral19
Sample
ransomwares/FakePetya/FakePetya.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral20
Sample
ransomwares/Fantom/Fantom.exe
Resource
win7-20240221-en
Behavioral task
behavioral21
Sample
ransomwares/Fantom/Fantom.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral22
Sample
ransomwares/GandCrab/GandCrab.exe
Resource
win7-20240221-en
Behavioral task
behavioral23
Sample
ransomwares/GandCrab/GandCrab.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral24
Sample
ransomwares/GoldenEye/GoldenEye.exe
Resource
win7-20240215-en
Behavioral task
behavioral25
Sample
ransomwares/GoldenEye/GoldenEye.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral26
Sample
ransomwares/Huzuni/Huzuni.exe
Resource
win7-20240221-en
Behavioral task
behavioral27
Sample
ransomwares/Huzuni/Huzuni.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral28
Sample
ransomwares/InfinityCrypt/InfinityCrypt.exe
Resource
win7-20240221-en
Behavioral task
behavioral29
Sample
ransomwares/InfinityCrypt/InfinityCrypt.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral30
Sample
ransomwares/JanusPetya/JanusPetya.exe
Resource
win7-20240221-en
Behavioral task
behavioral31
Sample
ransomwares/JanusPetya/JanusPetya.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral32
Sample
ransomwares/Krotten/Krotten.exe
Resource
win7-20240220-en
General
-
Target
faef0354ee5f7c458afa16423e9ab04d.bin
-
Size
41.4MB
-
MD5
faef0354ee5f7c458afa16423e9ab04d
-
SHA1
a30b5673664f797cb40cd287260136e145071b85
-
SHA256
2eaccf2ffad0c83282b940b5ed1e65f38acacc9e002b48e3bf4f852e1097232a
-
SHA512
e8f9958c346936da0b1e5a92cc8cf08fbf750029eda3ea341c0ce7e27e452b7ec937a1deb4a147e6694fbcdc60dc2280d30ca709a2d950ed6732482c2337628a
-
SSDEEP
786432:Ox4aSbJJZiGQkTVugwej6bryq3sdGn/lCKVEKAhiDB9+DZwX1TpIb86PRzOISnxB:OyDCkTb+XpcdMnEAHWZATpIbBPRzOZxB
Malware Config
Extracted
sodinokibi
$2a$10$hIPnYTfL4yAd01j./DIPs.Tdwq.QURm2fbUM4pQFInKQ45tak6xW6
5891
-
net
false
-
pid
$2a$10$hIPnYTfL4yAd01j./DIPs.Tdwq.QURm2fbUM4pQFInKQ45tak6xW6
-
prc
firefox
oracle
visio
xfssvccon
steam
winword
mspub
isqlplussvc
ocssd
ocautoupds
mydesktopqos
outlook
dbeng50
sql
agntsvc
tbirdconfig
encsvc
thebat
synctime
onenote
mydesktopservice
thunderbird
excel
powerpnt
dbsnmp
sqbcoreservice
ocomm
infopath
wordpad
msaccess
-
ransom_oneliner
All of your files are encrypted! Find {EXT}-readme.txt and follow instuctions
-
ransom_template
---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension {EXT}. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee. If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money. [+] How to get access on website? [+] You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID} 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decryptor.cc/{UID} Warning: secondary website can be blocked, thats why first variant much better and more available. When you open our website, put the following data in the input form: Key: {KEY} ----------------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data. !!! !!! !!! ONE MORE TIME: Its in your interests to get your files back. 
From our side, we (the best specialists) make everything for restoring, but please should not interfere. !!! !!! !!!
-
sub
5891
-
svc
veeam
vss
backup
sophos
svc$
mepocs
memtas
sql
Signatures
-
Sodinokibi family
-
resource | yara_rule
static1/unpack001/ransomwares/Birele/Birele.exe | upx
static1/unpack001/ransomwares/JanusPetya/JanusPetya.exe | upx
static1/unpack001/ransomwares/RedBoot/RedBoot.exe | upx
static1/unpack001/ransomwares/Rokku/Rokku.exe | upx
static1/unpack001/ransomwares/Xyeta/Xyeta.exe | upx
-
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
resource | yara_rule
static1/unpack001/ransomwares/Windows10Update/Windows10Update.exe | autoit_exe
-
Unsigned PE 40 IoCs
Checks for missing Authenticode signature.
resource
unpack001/ransomwares/7ev3n/7ev3n.exe
unpack001/ransomwares/Annabelle/Annabelle.exe
unpack001/ransomwares/Birele/Birele.exe
unpack005/out.upx
unpack001/ransomwares/Darkside/Darkside.exe
unpack001/ransomwares/DeriaLock/DeriaLock.exe
unpack001/ransomwares/Fake GoldenEye/FakeGoldenEye.exe
unpack001/ransomwares/Fake PetrWrap/FakePetrWrap.exe
unpack001/ransomwares/FakePetya/FakePetya.exe
unpack001/ransomwares/Fantom/Fantom.exe
unpack001/ransomwares/GandCrab/GandCrab.exe
unpack001/ransomwares/GoldenEye/GoldenEye.exe
unpack001/ransomwares/Huzuni/Huzuni.exe
unpack001/ransomwares/InfinityCrypt/InfinityCrypt.exe
unpack001/ransomwares/JanusPetya/JanusPetya.exe
unpack001/ransomwares/Krotten/Krotten.exe
unpack001/ransomwares/Locky/Locky.exe
unpack001/ransomwares/Mischa/Mischa.exe
unpack001/ransomwares/MischaV2/MischaV2.exe
unpack001/ransomwares/NoMoreRansom/NoMoreRansom.exe
unpack001/ransomwares/PetrWrap/PetrWrap(Patched).exe
unpack001/ransomwares/PetrWrap/PetrWrap.exe
unpack001/ransomwares/Petya.A/Petya.A.exe
unpack001/ransomwares/PetyaMFTDestroyer/PetyaMFTDestroyer.exe
unpack001/ransomwares/PolyRansom/PolyRansom.exe
unpack001/ransomwares/PowerPoint/PowerPoint.exe
unpack001/ransomwares/RansomBlox/RansomBlox.exe
unpack001/ransomwares/RedBoot/RedBoot.exe
unpack001/ransomwares/RedEye/RedEye.exe
unpack001/ransomwares/Rensenware/Rensenware.exe
unpack001/ransomwares/Rokku/Rokku.exe
unpack001/ransomwares/Seftad/Seftad.exe
unpack001/ransomwares/Sodinokibi/Sodinokibi.exe
unpack001/ransomwares/ViraLock/ViraLock.exe
unpack001/ransomwares/WannaCry 1.0/WannaCry 1.0.exe
unpack001/ransomwares/WannaCrypt0r/WannaCrypt0r.exe
unpack001/ransomwares/Wannacry (Plus)/Wannacry (Plus).exe
unpack001/ransomwares/Windows10Update/Windows10Update.exe
unpack001/ransomwares/Winlocker.VB6.Blacksod/Winlocker.VB6.Blacksod/WinlockerVB6Blacksod.exe
unpack001/ransomwares/Xyeta/Xyeta.exe
Files
-
faef0354ee5f7c458afa16423e9ab04d.bin.zip
Password: infected
-
ransomwares/7ev3n/7ev3n.exe.exe windows:6 windows x86 arch:x86
Password: infected
008aca28b7c001acc5e0ab32fabaad84
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetCurrentProcess
ExitThread
SetEndOfFile
CreateFileW
HeapSize
WriteConsoleW
ReadConsoleW
SetStdHandle
FindFirstFileExW
FindClose
GetProcAddress
GetCommandLineW
GetCommandLineA
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
SetFilePointerEx
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WinExec
CreateProcessA
GetStartupInfoA
GetModuleFileNameW
CopyFileA
GetFileAttributesA
GetModuleFileNameA
FindNextFileW
GetLocalTime
FindFirstFileW
CreateThread
GetModuleHandleW
Sleep
GetLogicalDrives
VerifyVersionInfoW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileAttributesExW
GetExitCodeProcess
WaitForSingleObject
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
CloseHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
GetLastError
FreeLibrary
LoadLibraryExW
RaiseException
RtlUnwind
MoveFileExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetACP
HeapAlloc
HeapReAlloc
HeapFree
VerSetConditionMask
user32
ShowWindow
SendMessageW
FindWindowW
DrawTextA
CallNextHookEx
GetAsyncKeyState
DefWindowProcW
PostQuitMessage
DestroyWindow
KillTimer
InvalidateRect
SetTimer
EndPaint
SetWindowsHookExW
DrawTextW
BeginPaint
GetSystemMetrics
ShowCursor
DispatchMessageW
TranslateMessage
GetMessageW
SetForegroundWindow
SetWindowLongW
SetWindowPos
CreateWindowExW
RegisterClassExW
LoadCursorW
gdi32
MoveToEx
CreatePen
DeleteObject
SetTextColor
SetBkMode
SelectObject
CreateFontIndirectW
CreateSolidBrush
LineTo
advapi32
SystemFunction036
GetUserNameA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetUserNameW
shell32
ord680
wininet
InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle
netapi32
NetUserGetInfo
Sections
.text Size: 174KB - Virtual size: 174KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 122KB - Virtual size: 121KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 840B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ransomwares/Annabelle/Annabelle.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 15.7MB - Virtual size: 15.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 268KB - Virtual size: 267KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
ransomwares/BadRabbit/BadRabbit.exe.exe windows:5 windows x86 arch:x86
e3bda9df66f1f9b2b9b7b068518f2af1
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate
Issuer
CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before
21-12-2012 00:00
Not After
30-12-2020 23:59
Subject
CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate
Issuer
CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Not Before
18-10-2012 00:00
Not After
29-12-2020 23:59
Subject
CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0e:bf:ea:68:d6:77:b3:e2:6c:ab:41:c3:3f:3e:69:de
Certificate
Issuer
CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US
Not Before
16-12-2016 00:00
Not After
17-12-2017 23:59
Subject
CN=Symantec Corporation,OU=STAR Security Engines,O=Symantec Corporation,L=Mountain View,ST=California,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate
Issuer
CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
Not Before
08-02-2010 00:00
Not After
07-02-2020 23:59
Subject
CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
2e:6b:e6:bd:11:a8:67:6e:6c:57:90:9e:9b:0d:5f:57
Certificate
Issuer
CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Not Before
15-03-2017 00:00
Not After
13-04-2018 23:59
Subject
CN=Symantec Corporation,OU=STAR Security Engines,O=Symantec Corporation,L=Mountain View,ST=California,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8
Certificate
Issuer
CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
Not Before
22-07-2014 00:00
Not After
21-07-2024 23:59
Subject
CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate
Issuer
CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
Not Before
12-01-2016 00:00
Not After
11-01-2031 23:59
Subject
CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate
Issuer
CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Not Before
02-01-2017 00:00
Not After
01-04-2028 23:59
Subject
CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
c9:13:30:16:a3:e5:cf:bf:b1:aa:8b:50:d1:16:0f:a5:35:73:41:3d:4f:81:f8:71:05:4e:c7:39:6d:5a:8b:17
Signer
Actual PE Digest
c9:13:30:16:a3:e5:cf:bf:b1:aa:8b:50:d1:16:0f:a5:35:73:41:3d:4f:81:f8:71:05:4e:c7:39:6d:5a:8b:17
Digest Algorithm
sha256
PE Digest Matches
false
bd:ae:90:d3:3b:42:bf:69:31:7c:f4:d9:c1:9d:fd:c2:69:86:ca:f0
Signer
Actual PE Digest
bd:ae:90:d3:3b:42:bf:69:31:7c:f4:d9:c1:9d:fd:c2:69:86:ca:f0
Digest Algorithm
sha1
PE Digest Matches
false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
GetCommandLineW
GetFileSize
CreateProcessW
HeapAlloc
HeapFree
GetModuleHandleW
GetProcessHeap
WriteFile
GetSystemDirectoryW
ReadFile
GetModuleFileNameW
CreateFileW
lstrcatW
CloseHandle
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
user32
wsprintfW
shell32
CommandLineToArgvW
msvcrt
wcsstr
memcpy
free
malloc
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 828B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 590B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ransomwares/Birele/Birele.exe.exe windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 100KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 114KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Sections
.unp_1 Size: - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 788B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BSS Size: - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 124KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BSS Size: - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BSS Size: - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
ransomwares/Cerber 5/Cerber 5.exe.exe windows:5 windows x86 arch:x86
604de9c4534997ea4f32f86753fab871
Code Sign
16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate
Issuer
CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
Not Before
31-12-2015 00:00
Not After
09-07-2019 18:40
Subject
CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
90:21:24:73:c7:06:f5:23:fe:84:bd:b9:a7:8a:01:f4
Certificate
Issuer
CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
Not Before
17-07-2017 00:00
Not After
17-07-2018 23:59
Subject
CN=DEMUS\, OOO,OU=IT,O=DEMUS\, OOO,POSTALCODE=410010,STREET=d. 84 of. 2\, ul.Tankistov,L=Saratov,ST=RU,C=RU,2.5.4.18=#1306343130303130
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate
Issuer
CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
Not Before
09-05-2013 00:00
Not After
08-05-2028 23:59
Subject
CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
fb:f7:43:25:3a:5f:2f:99:ab:87:3e:d6:da:c8:11:b0:70:ec:8e:54
Signer
Actual PE Digest
fb:f7:43:25:3a:5f:2f:99:ab:87:3e:d6:da:c8:11:b0:70:ec:8e:54
Digest Algorithm
sha1
PE Digest Matches
true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateFileW
LoadLibraryA
lstrlenA
lstrcpyA
lstrcmpW
WriteFile
WriteConsoleInputW
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjects
UnhandledExceptionFilter
TerminateProcess
TerminateJobObject
Sleep
SetUnhandledExceptionFilter
SetThreadPriority
SetThreadLocale
SetThreadExecutionState
SetPriorityClass
SetLastError
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ReleaseMutex
ReadConsoleOutputCharacterA
RaiseException
QueryPerformanceCounter
OutputDebugStringW
OutputDebugStringA
OpenEventW
MultiByteToWideChar
MoveFileExW
LocalFree
LocalAlloc
LoadLibraryW
LeaveCriticalSection
IsDebuggerPresent
InterlockedIncrement
InterlockedCompareExchange
InitializeCriticalSection
HeapReAlloc
HeapFree
HeapAlloc
GetWindowsDirectoryW
GetWindowsDirectoryA
GetVersionExW
GetVersionExA
GetTickCount
GetThreadLocale
GetSystemTimeAsFileTime
GetSystemTime
GetStartupInfoA
GetProcessPriorityBoost
GetProcessHeap
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetLastError
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetConsoleAliasExesLengthA
GetComputerNameW
FreeLibrary
FormatMessageW
FormatMessageA
ExitProcess
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateProcessW
CreateMutexA
CreateJobObjectA
CreateFileA
CloseHandle
CreateEventW
CreateEventA
InterlockedExchange
user32
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursor
SendMessageW
SendIMEMessageExW
RegisterDeviceNotificationW
RegisterClassW
PostMessageW
PeekMessageW
OpenWindowStationW
MessageBoxW
MessageBoxA
MessageBeep
MapDialogRect
LoadMenuA
LoadCursorW
KillTimer
IMPGetIMEW
GetWindowTextW
GetWindowRect
SetTimer
GetMenuItemID
GetKeyboardLayout
GetForegroundWindow
GetDlgItemTextW
GetDlgItem
GetDesktopWindow
EnumDesktopWindows
EndDialog
EnableMenuItem
DrawStateA
DispatchMessageW
DispatchMessageA
DialogBoxParamW
DestroyWindow
DestroyAcceleratorTable
DefWindowProcW
DdeQueryStringW
DdeGetLastError
CreateWindowExW
CreateDialogIndirectParamA
CreateAcceleratorTableW
SetWindowLongW
SetWindowTextW
ShowWindowAsync
TranslateMessage
UnregisterClassW
UnregisterDeviceNotification
wvsprintfW
IsWindowEnabled
LoadIconA
GetClipboardData
GetDlgCtrlID
GetOpenClipboardWindow
IsMenu
CreatePopupMenu
GetMenuItemCount
GetKBCodePage
GetMenuContextHelpId
GetFocus
GetInputState
GetShellWindow
GetAsyncKeyState
GetCapture
GetClipboardSequenceNumber
OemKeyScan
GetActiveWindow
CharUpperA
GetWindowDC
IsWindowUnicode
GetKeyboardType
EnumClipboardFormats
CopyIcon
GetMenuCheckMarkDimensions
EndMenu
GetListBoxInfo
ReleaseCapture
GetMessageExtraInfo
GetWindowLongW
CharToOemW
CharLowerW
BroadcastSystemMessageA
GetWindowContextHelpId
gdi32
SelectObject
SetBrushOrgEx
SetDCBrushColor
SetICMMode
SetPixelV
CancelDC
PathToRegion
CloseFigure
GetBkColor
AbortDoc
FlattenPath
GetObjectType
PlayMetaFileRecord
RealizePalette
WidenPath
SaveDC
BeginPath
SetMetaRgn
UnrealizeObject
AbortPath
EndPage
CreateMetaFileA
AddFontResourceA
SwapBuffers
OffsetWindowOrgEx
GetTextMetricsW
GetTextExtentPointW
GetTextCharset
GetMetaRgn
GetKerningPairsW
GetCurrentObject
GetCharWidth32A
GdiSwapBuffers
GdiStartPageEMF
GdiQueryTable
GdiGradientFill
GdiComment
GdiCleanCacheDC
FixBrushOrgEx
EngGradientFill
EngDeletePath
DescribePixelFormat
DeleteObject
DeleteDC
CreatePolygonRgn
CreateICA
CreateHatchBrush
CreateEllipticRgn
CreateDIBSection
CreateDCW
ChoosePixelFormat
AngleArc
BRUSHOBJ_pvAllocRbrush
GetTextColor
advapi32
RegEnumValueW
RegOpenKeyW
StartServiceCtrlDispatcherW
SetServiceStatus
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
SetEntriesInAclW
ReportEventW
RegisterServiceCtrlHandlerExW
RegisterEventSourceW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
AllocateAndInitializeSid
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyW
RegCloseKey
OpenServiceW
OpenSCManagerW
InitializeSecurityDescriptor
GetUserNameW
FreeSid
DeregisterEventSource
DeleteService
CreateServiceW
CloseServiceHandle
shell32
Shell_NotifyIconW
ShellExecuteExA
SHPathPrepareForWriteW
SHLoadNonloadedIconOverlayIdentifiers
SHInvokePrinterCommandW
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHGetSettings
SHGetPathFromIDListW
SHGetMalloc
CommandLineToArgvW
DoEnvironmentSubstA
DoEnvironmentSubstW
DragQueryFileA
DragQueryFileAorW
DragQueryFileW
ExtractAssociatedIconW
ExtractIconA
ExtractIconEx
SHAddToRecentDocs
SHBindToParent
SHBrowseForFolderW
SHCreateProcessAsUserW
SHEmptyRecycleBinW
SHGetFolderPathA
SHGetFolderPathW
ShellExecuteExW
shlwapi
StrChrW
StrCmpNIA
StrCmpNIW
StrCmpNW
StrRChrA
StrRChrIA
StrRStrIW
StrStrIA
StrChrA
comctl32
InitCommonControlsEx
msvcrt
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_abnormal_termination
_acmdln
_adjust_fdiv
_c_exit
_cexit
_controlfp
_except_handler3
_exit
_initterm
_iob
_mbscmp
_mbscpy
_mbsicmp
_mbsinc
_mbslwr
_mbsnbcmp
_mbsnbicmp
_snwprintf
_vsnwprintf
_wcsicmp
_wcsnicmp
exit
fwprintf
iswctype
memmove
setlocale
wcschr
wcscmp
wcscpy
wcslen
wcsncmp
wcsrchr
_XcptFilter
__getmainargs
imm32
ImmDisableIME
Sections
.text Size: 293KB - Virtual size: 292KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 424B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
ransomwares/Darkside/Darkside.exe.exe windows:5 windows x86 arch:x86
17a4bd9c95f2898add97f309fc6f9bcd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcAddress
LoadLibraryA
ExitProcess
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 374B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ransomwares/DeriaLock/DeriaLock.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Windows.old\Users\ArizonaCode\Documents\Visual Studio 2013\Projects\LOGON\LOGON\obj\Debug\LOGON.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 313KB - Virtual size: 313KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 312B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 168KB - Virtual size: 168KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ransomwares/Fake GoldenEye/FakeGoldenEye.exe.exe windows:5 windows x86 arch:x86
aa59bb138ba9dcdca5ef5c1e473df22c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetNativeSystemInfo
FreeLibrary
HeapAlloc
HeapFree
GetModuleHandleW
VirtualFree
GetProcessHeap
IsBadReadPtr
SetLastError
GetProcAddress
VirtualAlloc
LoadLibraryA
VirtualProtect
GetLastError
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
DecodePointer
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
IsProcessorFeaturePresent
HeapCreate
Sleep
ExitProcess
WriteFile
GetModuleFileNameW
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CloseHandle
RaiseException
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
MultiByteToWideChar
GetStringTypeW
RtlUnwind
LoadLibraryW
SetStdHandle
WriteConsoleW
HeapSize
CreateFileW
InitializeCriticalSection
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 19KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 448B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ransomwares/Fake GoldenEye/Key.txt
-
ransomwares/Fake PetrWrap/FakePetrWrap.exe.exe windows:5 windows x86 arch:x86
94f5979c154e333230727201857ca2b3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetNativeSystemInfo
FreeLibrary
HeapAlloc
HeapFree
GetModuleHandleW
VirtualFree
GetProcessHeap
IsBadReadPtr
SetLastError
GetProcAddress
VirtualAlloc
LoadLibraryA
VirtualProtect
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapReAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
IsProcessorFeaturePresent
HeapCreate
ExitProcess
WriteFile
GetModuleFileNameW
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CloseHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetStringTypeW
LoadLibraryW
SetStdHandle
WriteConsoleW
CreateFileW
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 448B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ransomwares/Fake PetrWrap/Key.txt
-
ransomwares/FakePetya/FakePetya.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 10KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 8B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
ransomwares/Fantom/Fantom.exe.exe windows:5 windows x86 arch:x86
bf5a4aa99e5b160f8521cadd6bfe73b8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
RaiseException
GetLastError
MultiByteToWideChar
lstrlenA
InterlockedDecrement
GetProcAddress
LoadLibraryA
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
Module32Next
CloseHandle
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
SetEndOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapFree
GetProcessHeap
HeapAlloc
GetCommandLineA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
ReadFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
FlushFileBuffers
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
ole32
OleInitialize
oleaut32
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayCreateVector
VariantClear
VariantInit
SysFreeString
SysAllocString
Sections
.text Size: 102KB - Virtual size: 101KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 125KB - Virtual size: 125KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
ransomwares/GandCrab/GandCrab.exe.exe windows:4 windows x86 arch:x86
754f05425de4ad06169098be9bbe56cb
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42
msvcrt
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
_setmbcp
__CxxFrameHandler
_mbsstr
_mbsspn
free
_mbstok
_strdup
__dllonexit
kernel32
GetModuleHandleA
LoadLibraryA
VirtualProtect
lstrcatA
lstrcpyA
GetWindowsDirectoryA
FreeLibrary
GetStartupInfoA
GlobalAlloc
GlobalUnlock
GlobalLock
user32
InflateRect
ReleaseDC
GetDC
GetParent
GetWindowRect
IsWindow
LoadCursorA
RedrawWindow
PtInRect
GetCursorPos
KillTimer
GetSystemMetrics
DrawFocusRect
GetSubMenu
LoadMenuA
EnumWindows
LoadIconA
GetSysColor
GetSystemMenu
LoadAcceleratorsA
DrawIcon
IsIconic
UpdateWindow
TranslateAcceleratorA
SetWindowLongA
GetClientRect
SetTimer
SetCursor
SendMessageA
DestroyCursor
EmptyClipboard
SetClipboardData
OpenClipboard
CloseClipboard
AppendMenuA
InvalidateRect
EnableWindow
CopyIcon
gdi32
CreateFontIndirectA
GetTextMetricsA
GetCharWidthA
GetTextExtentPoint32A
GetObjectA
GetStockObject
advapi32
RegQueryValueA
RegCloseKey
RegOpenKeyExA
shell32
ShellExecuteA
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 84KB - Virtual size: 81KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 200KB - Virtual size: 199KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xml Size: 116KB - Virtual size: 115KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
ransomwares/GoldenEye/GoldenEye.exe.exe windows:5 windows x86 arch:x86
eadbe699c9f56194b9bbdf2dd7631233
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\src\ZoomIt\Release\ZoomIt.pdb
Imports
comctl32
ord17
winmm
PlaySoundA
gdiplus
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectRect
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipCreateBitmapFromHBITMAP
msimg32
AlphaBlend
kernel32
GetTickCount
FormatMessageA
lstrcpynA
CreateEventA
GetModuleFileNameA
CreateProcessA
GetCommandLineA
ExpandEnvironmentStringsA
FindResourceA
GetFileAttributesA
DeleteFileA
MultiByteToWideChar
GetStringTypeW
FatalAppExitA
CreateSemaphoreW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
MulDiv
GetFileType
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
RtlUnwind
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
HeapSize
GetModuleFileNameW
WriteFile
GetStdHandle
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetProcessHeap
GetCurrentThreadId
SetLastError
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
InterlockedDecrement
InterlockedIncrement
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
HeapAlloc
HeapFree
Beep
CloseHandle
SizeofResource
LoadResource
Sleep
WaitForSingleObject
GetLastError
SetThreadPriority
GetCurrentThread
GetExitCodeProcess
GetCurrentProcess
GetVersion
LockResource
GetCommandLineW
GetModuleHandleA
LoadLibraryA
LocalFree
LocalAlloc
GetProcAddress
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
RaiseException
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
InterlockedExchange
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
OutputDebugStringW
LoadLibraryW
SetFilePointerEx
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteConsoleW
CreateFileW
ReadFile
ReadConsoleW
SetEndOfFile
DeleteCriticalSection
user32
FindWindowW
FindWindowA
GetParent
GetDesktopWindow
GetWindowLongA
SetRect
FillRect
GetSysColor
ChildWindowFromPoint
MapWindowPoints
GetClipCursor
ClipCursor
GetCursorPos
LoadIconA
MessageBoxA
GetWindowRect
GetClientRect
RedrawWindow
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
ChangeDisplaySettingsExA
SystemParametersInfoA
EnumDisplaySettingsA
SetCursorPos
DrawTextA
TrackPopupMenu
InsertMenuA
DestroyMenu
CreatePopupMenu
TranslateAcceleratorA
LoadAcceleratorsA
EnableWindow
KillTimer
SetTimer
GetAsyncKeyState
GetKeyState
SetFocus
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
IsDlgButtonChecked
CheckDlgButton
GetDlgItemTextA
SetDlgItemTextA
DialogBoxParamA
CreateDialogParamA
BringWindowToTop
IsWindowVisible
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExA
RegisterClassA
PostQuitMessage
DefWindowProcA
PostMessageA
GetMessageExtraInfo
UnregisterHotKey
RegisterHotKey
DispatchMessageA
TranslateMessage
GetMessageA
LoadCursorA
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextA
GetDlgItem
EndDialog
DialogBoxIndirectParamA
SendMessageA
SetWindowLongA
gdi32
DeleteDC
DeleteObject
Ellipse
GetStockObject
LineTo
Rectangle
SelectObject
CreateSolidBrush
StretchBlt
SetROP2
SetStretchBltMode
SetTextColor
GetObjectA
MoveToEx
Polygon
CreatePen
CreateFontIndirectA
GetDeviceCaps
StartDocA
SetMapMode
EndDoc
StartPage
EndPage
BitBlt
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
SetBkMode
CreateDCA
comdlg32
GetSaveFileNameA
GetOpenFileNameA
PrintDlgA
ChooseFontA
advapi32
RegCreateKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
shell32
ShellExecuteA
Shell_NotifyIconA
ole32
CoInitialize
Sections
.text Size: 190KB - Virtual size: 189KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 434B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ransomwares/Huzuni/Huzuni.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\xxx\source\repos\Huzuni\Huzuni\obj\Debug\Huzuni.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 59KB - Virtual size: 59KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ransomwares/InfinityCrypt/InfinityCrypt.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
F:\DESKTOP!\ChkDsk\ChkDsk\obj\Debug\PremiereCrack.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 185KB - Virtual size: 184KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 312B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ransomwares/JanusPetya/Decryption key.txt
-
ransomwares/JanusPetya/JanusPetya.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 64KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 20KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
ransomwares/Krotten/Krotten.exe.exe windows:4 windows x86 arch:x86
79fd079e9d3e0619831be2cf92afa94a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
TranslateMessage
ShowWindow
SetWindowTextA
SetWindowPos
SetTimer
SetForegroundWindow
SetCursorPos
SetClipboardData
SendNotifyMessageA
SendMessageTimeoutA
SendMessageA
RegisterWindowMessageA
RegisterClassExA
PostQuitMessage
OpenClipboard
MoveWindow
ModifyMenuA
MessageBoxA
MapWindowPoints
LoadIconA
LoadCursorA
LoadBitmapA
UpdateWindow
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsIconic
InsertMenuItemA
GetWindowThreadProcessId
GetWindowTextLengthA
GetWindowTextA
GetWindowRect
GetWindow
GetSystemMenu
GetSubMenu
GetParent
GetMessageA
GetMenuStringA
GetMenuItemID
GetMenuItemCount
GetMenu
GetForegroundWindow
GetDesktopWindow
GetCursorPos
keybd_event
mouse_event
KillTimer
GetClipboardData
GetClientRect
GetClassNameA
GetAsyncKeyState
EnumWindows
EnumChildWindows
EnableWindow
EnableMenuItem
EmptyClipboard
DrawMenuBar
DispatchMessageA
DefWindowProcA
CreateWindowExA
CloseClipboard
wsprintfA
kernel32
lstrlenA
lstrcpynA
lstrcpyA
lstrcmpA
lstrcatA
WriteProcessMemory
WriteFile
WaitForSingleObject
VirtualProtectEx
VirtualFree
VirtualAlloc
TerminateThread
TerminateProcess
SystemTimeToFileTime
Sleep
SetPriorityClass
SetLocalTime
SetFileTime
SetFilePointer
SetFileAttributesA
SetEndOfFile
SetCurrentDirectoryA
RtlMoveMemory
ResumeThread
RemoveDirectoryA
ReadProcessMemory
ReadFile
OpenProcess
MoveFileA
LocalFileTimeToFileTime
LoadLibraryA
InterlockedIncrement
GlobalUnlock
GlobalLock
GlobalAlloc
GetWindowsDirectoryA
GetVersionExA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocalTime
GetLastError
GetFileTime
GetFileSize
GetFileAttributesA
GetExitCodeProcess
GetCurrentProcess
CloseHandle
CopyFileA
CreateDirectoryA
CreateFileA
CreateMutexA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExitThread
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
GetCurrentDirectoryA
FindClose
FindFirstFileA
FindNextFileA
GetCommandLineA
FileTimeToSystemTime
shell32
ShellExecuteExA
DragQueryFileA
DragFinish
gdi32
DeleteObject
advapi32
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
winmm
timeSetEvent
timeKillEvent
Sections
.text Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
ransomwares/Locky/Locky.exe.exe windows:5 windows x86 arch:x86
7ff21f6c00d977be0f3e10fe2269c48f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegSaveKeyW
RegRestoreKeyW
RegEnumKeyA
RegCreateKeyExA
RegReplaceKeyA
ReadEventLogA
RegUnLoadKeyW
IsTextUnicode
CryptSignHashA
ClearEventLogW
OpenEventLogW
RegOpenKeyW
RegDeleteValueA
shell32
SHGetFileInfoA
DragFinish
SHGetMalloc
ExtractIconA
ShellMessageBoxA
FindExecutableA
SHGetDesktopFolder
SHChangeNotify
DragQueryFileA
ShellAboutA
DragQueryPoint
shlwapi
UrlIsA
UrlCompareW
PathIsURLW
PathCommonPrefixA
UrlIsOpaqueA
UrlHashW
UrlIsNoHistoryW
PathCompactPathA
UrlGetPartW
PathCombineA
UrlGetLocationW
UrlEscapeW
UrlUnescapeW
PathStripPathW
modemui
InvokeControlPanel
drvSetDefaultCommConfigA
untfs
Recover
Chkdsk
Format
kernel32
DeleteFileW
LoadLibraryA
GetProcAddress
GetProcessId
GetTickCount
WaitForSingleObject
CreateWaitableTimerA
OpenSemaphoreW
WaitNamedPipeW
InterlockedIncrement
GetProcessHeap
OpenMutexW
FindNextFileW
MoveFileExA
LoadLibraryExW
Sections
.text Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
.data Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 566KB - Virtual size: 565KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
ransomwares/Mischa/Mischa.exe.exe windows:5 windows x86 arch:x86
b69d08e7a9e8d45257d48420e3bd8e18
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wsock32
recv
socket
getservbyname
WSASetLastError
closesocket
gethostbyaddr
gethostbyname
send
WSAAsyncSelect
WSACleanup
gethostname
inet_ntoa
connect
inet_addr
WSAStartup
ioctlsocket
htonl
WSAGetLastError
htons
ntohs
shutdown
getservbyport
winmm
mixerClose
mixerGetLineControlsW
mixerGetLineInfoW
mixerSetControlDetails
waveOutGetVolume
waveOutSetVolume
mixerGetDevCapsW
mixerOpen
mixerGetControlDetailsW
mciSendStringW
joyGetDevCapsW
joyGetPosEx
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
comctl32
ImageList_GetIconSize
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
ImageList_ReplaceIcon
CreateStatusWindowW
InitCommonControlsEx
psapi
GetModuleBaseNameW
GetModuleFileNameExW
kernel32
OutputDebugStringW
WideCharToMultiByte
GetSystemDirectoryA
GetProcAddress
LoadLibraryA
GetCurrentThreadId
lstrcmpiW
CreateThread
SetThreadPriority
GetExitCodeThread
CloseHandle
CreateMutexW
GetLastError
GetModuleHandleW
GetVersionExW
DeleteCriticalSection
GetModuleFileNameW
GetFileAttributesW
GetFullPathNameW
GetSystemTimeAsFileTime
FindFirstFileW
FindNextFileW
FindClose
FileTimeToLocalFileTime
SetEnvironmentVariableW
Beep
MoveFileW
CreateProcessW
MultiByteToWideChar
GetExitCodeProcess
WriteProcessMemory
ReadProcessMemory
GetCurrentProcessId
OpenProcess
TerminateProcess
SetPriorityClass
SetLastError
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetDiskFreeSpaceW
SetVolumeLabelW
CreateFileW
DeviceIoControl
GetDriveTypeW
FreeLibrary
CreateDirectoryW
ReadFile
WriteFile
DeleteFileW
CopyFileW
SetFileAttributesW
LocalFileTimeToFileTime
SetFileTime
GetFileSizeEx
GetSystemTime
GetSystemDefaultUILanguage
GetComputerNameW
GetWindowsDirectoryW
GetTempPathW
GetShortPathNameW
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
VirtualProtect
QueryDosDeviceW
CompareStringW
RemoveDirectoryW
GetCurrentProcess
FormatMessageW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
WritePrivateProfileSectionW
SetEndOfFile
GetACP
GetFileType
GetStdHandle
SetFilePointerEx
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
VirtualAllocEx
VirtualFreeEx
EnumResourceNamesW
LoadLibraryExW
FindResourceW
LoadResource
LockResource
SizeofResource
GlobalSize
GetEnvironmentVariableW
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
GetCurrentDirectoryW
SetErrorMode
InitializeCriticalSection
GetCPInfo
SetCurrentDirectoryW
Sleep
GetTickCount
MulDiv
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
HeapSize
HeapQueryInformation
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStringTypeW
HeapCreate
InitializeCriticalSectionAndSpinCount
RaiseException
SetHandleCount
IsProcessorFeaturePresent
RtlUnwind
SetFilePointer
LCMapStringW
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetProcessHeap
GetVolumeInformationW
VirtualQuery
user32
IsIconic
RegisterWindowMessageW
GetSysColor
GetSysColorBrush
DrawIconEx
FillRect
DefWindowProcW
SetForegroundWindow
DialogBoxParamW
SendDlgItemMessageW
GetDlgItem
SetDlgItemTextW
IsWindowEnabled
MessageBeep
ClientToScreen
GetCursor
GetLastInputInfo
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuStringW
ExitWindowsEx
SetMenu
FlashWindow
MapWindowPoints
RedrawWindow
SetParent
GetClassInfoExW
GetAncestor
UpdateWindow
GetMessagePos
GetClassLongW
DefDlgProcW
CallWindowProcW
CheckRadioButton
IntersectRect
PtInRect
CreateAcceleratorTableW
DestroyAcceleratorTable
InsertMenuItemW
SetMenuDefaultItem
RemoveMenu
SetMenuItemInfoW
IsMenu
GetMenuItemInfoW
CreateMenu
CreatePopupMenu
SetMenuInfo
AppendMenuW
DestroyMenu
TrackPopupMenuEx
CreateIconIndirect
GetDesktopWindow
CopyImage
CreateIconFromResourceEx
EnumClipboardFormats
GetWindow
BringWindowToTop
IsZoomed
SystemParametersInfoW
AdjustWindowRectEx
DrawTextW
SetRect
GetIconInfo
SetWindowTextW
IsWindowVisible
GetMenu
CheckMenuItem
LoadImageW
GetQueueStatus
SetClipboardViewer
LoadAcceleratorsW
CreateWindowExW
RegisterClassExW
LoadCursorW
DestroyIcon
DestroyWindow
IsCharAlphaW
MapVirtualKeyW
MapVirtualKeyExW
VkKeyScanExW
GetWindowTextW
mouse_event
WindowFromPoint
GetSystemMetrics
keybd_event
SetKeyboardState
GetKeyboardState
GetCursorPos
GetAsyncKeyState
SendInput
UnregisterHotKey
RegisterHotKey
PostQuitMessage
SendMessageTimeoutW
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
IsCharUpperW
IsCharLowerW
IsCharAlphaNumericW
ToUnicodeEx
GetKeyboardLayout
CallNextHookEx
CharLowerW
ReleaseDC
GetDC
MessageBoxW
OpenClipboard
GetClipboardData
GetClipboardFormatNameW
CloseClipboard
SetClipboardData
EmptyClipboard
PostMessageW
EnumWindows
GetWindowTextLengthW
EnableWindow
InvalidateRect
SetLayeredWindowAttributes
SetWindowPos
SetWindowRgn
SetFocus
GetGUIThreadInfo
SetActiveWindow
EnumChildWindows
GetTopWindow
MoveWindow
FindWindowW
EndDialog
IsWindow
DispatchMessageW
TranslateMessage
ShowWindow
CountClipboardFormats
SetWindowLongW
ScreenToClient
IsDialogMessageW
SendMessageW
GetWindowLongW
GetKeyState
TranslateAcceleratorW
KillTimer
PeekMessageW
GetFocus
GetClassNameW
GetWindowThreadProcessId
GetForegroundWindow
GetMessageW
SetTimer
GetParent
GetDlgCtrlID
CharUpperW
IsClipboardFormatAvailable
GetWindowRect
ChangeClipboardChain
GetClientRect
AttachThreadInput
gdi32
SetBkColor
GdiFlush
CreateDIBSection
GetPixel
BitBlt
CreateCompatibleBitmap
GetSystemPaletteEntries
EnumFontFamiliesExW
SetBkMode
GetCharABCWidthsW
GetClipBox
FillRgn
GetClipRgn
ExcludeClipRect
GetDeviceCaps
DeleteObject
CreateFontW
CreateSolidBrush
GetDIBits
CreateCompatibleDC
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateEllipticRgn
DeleteDC
GetObjectW
GetTextMetricsW
GetTextFaceW
SelectObject
GetStockObject
CreateDCW
SetTextColor
comdlg32
CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW
advapi32
LockServiceDatabase
CloseServiceHandle
UnlockServiceDatabase
OpenSCManagerW
GetUserNameW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegConnectRegistryW
RegCloseKey
RegOpenKeyExW
OpenProcessToken
shell32
DragQueryPoint
SHFileOperationW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetMalloc
SHGetFolderPathW
ShellExecuteExW
Shell_NotifyIconW
DragFinish
DragQueryFileW
ExtractIconW
ole32
OleInitialize
OleUninitialize
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromString
CoGetObject
StringFromGUID2
CreateStreamOnHGlobal
oleaut32
SafeArrayDestroy
GetActiveObject
SysStringLen
SysFreeString
SafeArrayCreate
VariantClear
VariantChangeType
SysAllocString
SafeArrayCopy
VariantCopyInd
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayUnlock
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayUnaccessData
OleLoadPicture
Sections
.text Size: 690KB - Virtual size: 690KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 150KB - Virtual size: 149KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
ransomwares/MischaV2/MischaV2.exe.exe windows:6 windows x86 arch:x86
f49f0205185750caf2c9a1ab85519307
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
ScriptedSandbox32.pdb
Imports
advapi32
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
kernel32
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
LoadLibraryExW
GetProcAddress
SizeofResource
LockResource
LoadResource
FindResourceW
FlushInstructionCache
CompareStringOrdinal
RaiseFailFastException
CloseHandle
ReadFile
WriteFile
CreatePipe
CreateThread
OpenProcess
GetModuleHandleW
DecodePointer
SetEvent
GetTempPathW
GetTempFileNameW
ReadProcessMemory
CreateEventW
WaitForSingleObject
WaitForMultipleObjects
ExitProcess
GetCurrentProcessId
GetVersion
GetCurrentProcess
SetLastError
GetCurrentThreadId
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
RaiseException
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
FindResourceExW
FindAtomW
AddAtomW
LoadLibraryW
GetFileAttributesW
VirtualFree
VirtualAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReadConsoleW
SetEndOfFile
WriteConsoleW
FlushFileBuffers
SetStdHandle
CreateFileW
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
RtlUnwind
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
GetFileType
GetStdHandle
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
GetCommandLineW
gdi32
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
GetObjectW
GetDeviceCaps
user32
CallWindowProcW
InvalidateRect
GetDC
ReleaseDC
GetDesktopWindow
DestroyAcceleratorTable
GetWindowLongW
SetWindowLongW
DefWindowProcW
LoadCursorW
RegisterClassExW
UnregisterClassW
IsWindow
IsChild
GetFocus
SetFocus
GetWindow
PostMessageW
AttachThreadInput
InvalidateRgn
GetClientRect
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
GetParent
ClientToScreen
CreateAcceleratorTableW
DestroyWindow
CreateWindowExW
GetClassInfoExW
SetTimer
KillTimer
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetParent
GetAsyncKeyState
GetGUIThreadInfo
GetWindowThreadProcessId
SetProcessDPIAware
PostThreadMessageW
DispatchMessageW
TranslateMessage
PostQuitMessage
GetMessageW
GetDoubleClickTime
AllowSetForegroundWindow
GetMonitorInfoW
MonitorFromPoint
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
BeginPaint
EndPaint
GetDlgItem
SendMessageW
GetClassNameW
GetSysColor
CharNextW
SetWindowPos
RedrawWindow
ole32
OleLockRunning
CoTaskMemFree
CoCreateInstance
CoGetClassObject
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
StringFromGUID2
CoTaskMemAlloc
CoInitializeEx
CoReleaseServerProcess
CoAddRefServerProcess
CoUninitialize
CoInitialize
IIDFromString
CreateBindCtx
CLSIDFromString
CLSIDFromProgID
CoGetMalloc
oleaut32
SysStringLen
SysFreeString
SysAllocString
OleCreateFontIndirect
SysStringByteLen
SysAllocStringByteLen
DispCallFunc
VariantChangeType
VarBstrCat
SysAllocStringLen
VariantInit
LoadTypeLi
LoadRegTypeLi
VariantClear
shlwapi
PathFindFileNameW
StrStrW
ord12
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
wer
WerReportAddFile
WerReportCloseHandle
WerReportSubmit
WerReportSetParameter
WerReportCreate
urlmon
CreateUri
Sections
.text Size: 249KB - Virtual size: 249KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 829B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.xxxx Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
ransomwares/NoMoreRansom/NoMoreRansom.exe.exe windows:5 windows x86 arch:x86
f4aae2cc8a2971ab9714645e85b7edb6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
InitializeSListHead
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsBadHugeReadPtr
IsDebuggerPresent
IsProcessorFeaturePresent
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LocalReAlloc
LockResource
MoveFileExA
MulDiv
MultiByteToWideChar
OpenFileMappingW
OutputDebugStringA
OutputDebugStringW
QueryDosDeviceW
QueryPerformanceCounter
RaiseException
ReadConsoleInputW
ReadConsoleW
ReadFile
InitializeCriticalSectionAndSpinCount
RtlMoveMemory
RtlUnwind
SetCalendarInfoA
SetComputerNameA
SetEvent
SetHandleCount
SetLastError
SetThreadExecutionState
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
lstrcmpA
lstrcmpW
lstrcmpiW
lstrlenA
InitializeCriticalSection
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalReAlloc
GlobalMemoryStatusEx
GlobalLock
GlobalHandle
GlobalGetAtomNameA
GlobalFree
GlobalFlags
GlobalFix
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetWindowsDirectoryW
GetVolumePathNamesForVolumeNameW
GetVersionExA
GetVersion
GetTimeZoneInformation
GetTickCount
GetTempFileNameA
GetTapePosition
GetSystemTimes
GetSystemTimeAsFileTime
GetSystemInfo
GetStdHandle
GetStartupInfoW
GetStartupInfoA
GetProcessHeap
GetProcAddress
GetPrivateProfileStringA
GetPrivateProfileIntW
GetPrivateProfileIntA
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
GetLongPathNameW
GetLocaleInfoA
GetLastError
GetFullPathNameW
GetFileType
GetFileSizeEx
GetFileSize
GetFileAttributesExW
GetEnvironmentStringsW
GetEnvironmentStrings
GetDiskFreeSpaceExW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetConsoleAliasExesLengthA
GetCommandLineW
GetCommandLineA
GetBinaryTypeA
FreeResource
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FormatMessageA
FlushFileBuffers
FindVolumeClose
FindResourceA
FindNextVolumeW
FindFirstVolumeW
FindFirstVolumeMountPointW
FindFirstFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsW
ExitProcess
EnumResourceLanguagesA
EnumDateFormatsW
EnterCriticalSection
DosDateTimeToFileTime
DeleteFileW
DeleteFileA
DeleteCriticalSection
DeleteAtom
CreateThread
CreateFileW
CreateFileA
CreateEventW
CreateEventA
CopyFileA
ConvertDefaultLocale
CompareStringW
CompareStringA
CommConfigDialogW
CloseHandle
Beep
GetModuleHandleA
RtlFillMemory
VirtualAlloc
user32
MessageBoxW
ModifyMenuA
OpenClipboard
PeekMessageA
PostMessageA
PostMessageW
PostQuitMessage
PostThreadMessageA
PostThreadMessageW
PtInRect
RedrawWindow
RegisterClassA
RegisterClassExW
RegisterClipboardFormatA
RegisterClipboardFormatW
RegisterWindowMessageA
RegisterWindowMessageW
ReleaseDC
RemovePropA
RemovePropW
SendDlgItemMessageA
SendMessageA
SendMessageCallbackA
SendMessageTimeoutW
SendMessageW
SetActiveWindow
SetCursor
SetFocus
SetForegroundWindow
SetMenuInfo
SetMenuItemBitmaps
SetPropA
SetPropW
SetRect
SetScrollInfo
SetTimer
SetWindowLongA
SetWindowLongW
SetWindowPos
SetWindowRgn
SetWindowTextA
SetWindowsHookExA
ShowWindow
SystemParametersInfoA
SystemParametersInfoW
TabbedTextOutA
TranslateMessage
UnhookWindowsHookEx
UnionRect
UnregisterClassA
UnregisterDeviceNotification
UpdateLayeredWindow
UpdateWindow
ValidateRect
WINNLSGetEnableStatus
WaitMessage
WinHelpA
keybd_event
MessageBoxA
MapWindowPoints
MapVirtualKeyW
LoadCursorW
LoadCursorA
LoadBitmapA
KillTimer
IsWindowEnabled
IsWindow
IsDialogMessageA
IsCharAlphaNumericW
InvalidateRect
InflateRect
GrayStringA
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowModuleFileNameW
GetWindowModuleFileName
GetWindowLongW
GetWindowLongA
GetWindowDC
GetWindow
GetUserObjectSecurity
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropA
GetParent
GetNextDlgTabItem
GetMonitorInfoA
GetMessageW
GetMessageTime
GetMessagePos
GetMessageA
GetMenuState
GetMenuItemID
GetMenu
GetLastActivePopup
GetKeyState
GetInputState
GetIconInfo
GetFocus
GetDlgItemTextW
GetDlgItemInt
GetDlgItem
GetCursorPos
GetComboBoxInfo
GetClientRect
GetClassNameW
GetClassNameA
GetClassLongA
GetClassInfoExW
GetClassInfoExA
GetClassInfoA
GetCapture
FrameRect
FindWindowW
FillRect
EnumWindows
EnumDesktopWindows
EndPaint
EndDialog
EnableWindow
EnableMenuItem
EmptyClipboard
DrawTextW
DrawTextExA
DrawTextA
DrawMenuBar
DrawFrameControl
DlgDirListComboBoxA
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DeregisterShellHookWindow
DefWindowProcA
DdeCmpStringHandles
CreateWindowExA
CreateDialogIndirectParamA
CopyRect
CopyImage
CloseClipboard
ClientToScreen
CheckMenuItem
CharNextA
ChangeMenuA
CallWindowProcW
CallWindowProcA
CallNextHookEx
BeginPaint
AppendMenuW
AllowSetForegroundWindow
AdjustWindowRectEx
CloseDesktop
GetCursor
GetWindowTextLengthW
PaintDesktop
GetDesktopWindow
CreatePopupMenu
GetKeyboardType
DestroyCursor
EndMenu
AnyPopup
OemKeyScan
GetTopWindow
IsCharUpperA
GetKBCodePage
GetSysColor
GetOpenClipboardWindow
GetForegroundWindow
GetDoubleClickTime
GetActiveWindow
CreateMenu
LoadIconA
IsWindowVisible
CopyIcon
GetDC
CharLowerW
IsCharLowerA
ShowCaret
IsIconic
GetMenuCheckMarkDimensions
OpenIcon
GetKeyboardLayout
GetWindowTextLengthA
ReleaseCapture
GetDlgCtrlID
CharNextW
GetDialogBaseUnits
CharUpperW
CharUpperA
LoadCursorFromFileA
GetAsyncKeyState
GetMenuItemCount
gdi32
PolyTextOutA
PtVisible
RectVisible
RemoveFontResourceExA
RestoreDC
STROBJ_bEnum
SaveDC
ScaleViewportExtEx
ScaleWindowExtEx
SelectObject
SetBkColor
PlayMetaFile
SetEnhMetaFileBits
SetICMMode
SetMapMode
SetPaletteEntries
SetRectRgn
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
TextOutA
XLATEOBJ_piVector
OffsetViewportOrgEx
GetTextFaceA
GetOutlineTextMetricsA
GetObjectA
GetGraphicsMode
GetGlyphOutlineWow
GetFontData
GetEnhMetaFilePaletteEntries
GetDeviceCaps
GetClipBox
GdiValidateHandle
GdiResetDCEMF
GdiProcessSetup
GdiInitializeLanguagePack
GdiGetLocalDC
SetDIBits
EndDoc
GdiEntry10
FrameRgn
ExtTextOutA
Escape
EqualRgn
EngStretchBltROP
EngCreateClip
EngCreateBitmap
DeleteObject
DeleteDC
CreatePalette
CreateICA
CreateFontIndirectA
CreateDIBSection
CreateBitmap
CopyMetaFileA
CLIPOBJ_ppoGetPath
AddFontMemResourceEx
RealizePalette
StrokePath
DeleteMetaFile
GetLayout
GetStretchBltMode
GetPixelFormat
AddFontResourceW
GetFontLanguageInfo
GetStockObject
UnrealizeObject
CloseEnhMetaFile
GetMapMode
AbortPath
SwapBuffers
GetEnhMetaFileW
DeleteColorSpace
SetMetaRgn
DeleteEnhMetaFile
GetSystemPaletteUse
GetTextAlign
CreateMetaFileA
AbortDoc
CancelDC
GdiFlush
advapi32
RegQueryValueExA
RegQueryValueA
RegOpenKeyExW
RegOpenKeyExA
RegOpenKeyA
RegEnumKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegOpenKeyW
RegQueryValueExW
RegSetValueExA
shell32
ShellExecuteW
ShellExecuteEx
ShellAboutW
SHQueryRecycleBinW
SHPathPrepareForWriteA
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetPathFromIDListA
SHGetPathFromIDList
SHGetFolderPathW
SHGetFolderPathA
SHGetFolderLocation
SHGetFileInfoW
SHGetFileInfo
SHGetDiskFreeSpaceExW
SHGetDiskFreeSpaceA
SHGetDesktopFolder
SHGetDataFromIDListA
SHFileOperationW
SHFileOperationA
SHEmptyRecycleBinA
SHCreateDirectoryExA
ExtractIconExW
ExtractIconA
DuplicateIcon
DragQueryFileW
DragQueryFile
DragFinish
DragAcceptFiles
DoEnvironmentSubstW
CommandLineToArgvW
ole32
OleFlushClipboard
OleInitialize
OleIsCurrentClipboard
OleUninitialize
CoSuspendClassObjects
CoRevokeClassObject
CoResumeClassObjects
CoRegisterMessageFilter
CoInitializeSecurity
CoInitializeEx
CoInitialize
CoFreeUnusedLibraries
CoCreateInstance
CoUninitialize
shlwapi
PathFindExtensionA
PathFindFileNameA
PathFindFileNameW
PathIsUNCA
PathStripToRootA
StrChrW
StrCmpNA
StrCmpNIA
StrCmpNIW
Sections
.text Size: 980KB - Virtual size: 979KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 248KB - Virtual size: 248KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 163KB - Virtual size: 671KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
ransomwares/NotPetya/NotPetya.exe.exe windows:5 windows x86 arch:x86
adc91e78c31ad4f7f2dc94e73db3a3f2
Code Sign
2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate
Issuer: CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation
Not Before: 22-08-2007 22:31
Not After: 25-08-2012 07:00
Subject: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:01:cf:3e:00:00:00:00:00:0f
Certificate
Issuer: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 07-12-2009 22:40
Not After: 07-03-2011 22:40
Subject: CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate
Issuer: CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation
Not Before: 16-09-2006 01:04
Not After: 15-09-2019 07:00
Subject: CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:05:a2:30:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 25-07-2008 19:01
Not After: 25-07-2013 19:11
Subject: CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
4a:63:4e:91:74:a3:d3:73:ad:dd:d1:e4:4b:3f:4b:b2:f7:58:e5:09
Signer
Actual PE Digest: 4a:63:4e:91:74:a3:d3:73:ad:dd:d1:e4:4b:3f:4b:b2:f7:58:e5:09
Digest Algorithm: sha1
PE Digest Matches: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
CreateProcessW
WriteFile
GetSystemDirectoryW
CreateFileW
CloseHandle
GetWindowsDirectoryW
user32
wsprintfW
Sections
.text Size: 512B - Virtual size: 426B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 380B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 812B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[0] Size: 354KB - Virtual size: 353KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 840B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ransomwares/PetrWrap/PetrWrap(Patched).exe.exe windows:5 windows x86 arch:x86
90cfb770dd8b0646a46fc541c93185a2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCurrentProcessId
GetTickCount
GetVersionExA
FreeLibrary
GetProcAddress
GlobalMemoryStatus
LoadLibraryA
HeapAlloc
HeapFree
GetCommandLineA
HeapReAlloc
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
IsDebuggerPresent
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
ReadFile
EncodePointer
DecodePointer
InterlockedDecrement
ExitProcess
AreFileApisANSI
MultiByteToWideChar
GetProcessHeap
SetLastError
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
GetEnvironmentStringsW
QueryPerformanceCounter
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
LoadLibraryExW
LoadLibraryW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadConsoleW
SetFilePointer
SetFilePointerEx
SetStdHandle
GetStringTypeW
LCMapStringW
HeapSize
CreateFileW
SetEndOfFile
GetVersion
GetCurrentThreadId
GetLastError
GetFileType
GetStdHandle
Sleep
VirtualAlloc
CreateFileA
CloseHandle
FreeEnvironmentStringsW
WriteFile
user32
GetUserObjectInformationW
GetProcessWindowStation
wsprintfA
MessageBoxA
GetDesktopWindow
advapi32
ReportEventA
DeregisterEventSource
RegisterEventSourceA
Sections
.text Size: 205KB - Virtual size: 205KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 82KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 139KB - Virtual size: 148KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 45KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ransomwares/PetrWrap/PetrWrap.exe.exe windows:5 windows x86 arch:x86
90cfb770dd8b0646a46fc541c93185a2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCurrentProcessId
GetTickCount
GetVersionExA
FreeLibrary
GetProcAddress
GlobalMemoryStatus
LoadLibraryA
HeapAlloc
HeapFree
GetCommandLineA
HeapReAlloc
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
IsDebuggerPresent
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
ReadFile
EncodePointer
DecodePointer
InterlockedDecrement
ExitProcess
AreFileApisANSI
MultiByteToWideChar
GetProcessHeap
SetLastError
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
GetEnvironmentStringsW
QueryPerformanceCounter
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
LoadLibraryExW
LoadLibraryW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadConsoleW
SetFilePointer
SetFilePointerEx
SetStdHandle
GetStringTypeW
LCMapStringW
HeapSize
CreateFileW
SetEndOfFile
GetVersion
GetCurrentThreadId
GetLastError
GetFileType
GetStdHandle
Sleep
VirtualAlloc
CreateFileA
CloseHandle
FreeEnvironmentStringsW
WriteFile
user32
GetUserObjectInformationW
GetProcessWindowStation
wsprintfA
MessageBoxA
GetDesktopWindow
advapi32
ReportEventA
DeregisterEventSource
RegisterEventSourceA
Sections
.text Size: 205KB - Virtual size: 205KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 82KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 139KB - Virtual size: 148KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 45KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ransomwares/Petya.A/Petya.A.exe.exe windows:5 windows x86 arch:x86
1a63922d5931d1bb8ca5188313f78eaa
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
GoogleCrashHandler_unsigned.pdb
Imports
kernel32
GetCurrentThreadId
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateEventW
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
CreateSemaphoreW
FreeLibrary
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlUnwind
LCMapStringW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
CloseHandle
CreateFileW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
LocalFree
CreateDirectoryW
DeleteFileW
GetCurrentThread
WaitForMultipleObjects
LoadLibraryW
WaitForSingleObject
GetExitCodeProcess
DuplicateHandle
ReleaseMutex
GetEnvironmentVariableW
lstrcmpiW
VirtualQuery
GetTempPathW
GetLocalTime
OutputDebugStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcmpW
lstrlenW
SetFilePointer
CreateMutexW
InitializeCriticalSection
TryEnterCriticalSection
SetEvent
ResetEvent
GetFileAttributesExW
SetLastError
VerifyVersionInfoW
VerSetConditionMask
MoveFileExW
GetFileTime
ReadFile
DeviceIoControl
SetProcessWorkingSetSize
OpenProcess
CreateProcessW
ReadProcessMemory
lstrcpynW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateThread
DebugActiveProcess
GetThreadContext
DebugActiveProcessStop
VirtualQueryEx
GetProcessId
GetSystemInfo
ContinueDebugEvent
WaitForDebugEvent
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
IsProcessorFeaturePresent
GetCommandLineW
EncodePointer
LeaveCriticalSection
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
RtlCaptureContext
ReleaseSemaphore
EnterCriticalSection
OutputDebugStringW
DeleteCriticalSection
DecodePointer
HeapSize
GetProcAddress
GetLastError
RaiseException
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetProcessHeap
GetModuleHandleW
HeapFree
IsDebuggerPresent
GetUserDefaultLangID
GetSystemDefaultLangID
GetComputerNameExW
GetOverlappedResult
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
UnregisterWait
GetProcessTimes
UnregisterWaitEx
RegisterWaitForSingleObject
VirtualProtect
VirtualAlloc
HeapAlloc
RemoveDirectoryW
HeapReAlloc
user32
SetClipboardData
EmptyClipboard
OpenClipboard
GetProcessWindowStation
CloseDesktop
CloseClipboard
CharUpperW
CharLowerW
PostThreadMessageW
DispatchMessageW
GetMessageW
PeekMessageW
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
SetThreadDesktop
CreateWindowStationW
CloseWindowStation
GetThreadDesktop
SetProcessWindowStation
CreateDesktopW
wvsprintfW
wsprintfW
MessageBoxW
advapi32
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
GetLengthSid
CopySid
IsValidSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
SetSecurityDescriptorDacl
AddAce
InitializeAcl
GetAclInformation
InitializeSecurityDescriptor
MakeAbsoluteSD
OpenProcessToken
GetTokenInformation
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetAce
MakeSelfRelativeSD
GetSecurityDescriptorLength
EqualSid
SetNamedSecurityInfoW
ConvertStringSidToSidW
OpenThreadToken
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
ConvertSidToStringSidW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
SetSecurityDescriptorSacl
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
SetTokenInformation
ole32
CoCreateGuid
StringFromGUID2
shell32
SHGetFolderPathW
netapi32
NetApiBufferFree
NetWkstaGetInfo
rpcrt4
UuidCreate
shlwapi
PathRemoveExtensionW
PathRemoveFileSpecW
PathStripPathW
PathCanonicalizeW
PathIsRelativeW
SHQueryValueExW
PathAppendW
userenv
UnloadUserProfile
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
Sections
.text Size: 156KB - Virtual size: 155KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ransomwares/PetyaMFTDestroyer/Key.txt
-
ransomwares/PetyaMFTDestroyer/PetyaMFTDestroyer.exe.exe windows:5 windows x86 arch:x86
21e4a55f42c2dcfd0d47cf2cda2692aa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateFileA
SetFilePointer
SetFilePointerEx
WriteFile
ReadFile
DeviceIoControl
CloseHandle
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 412B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 448B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 184B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ransomwares/PolyRansom/PolyRansom.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 215KB - Virtual size: 214KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
ransomwares/PowerPoint/PowerPoint.exe.exe windows:4 windows x86 arch:x86
91b2790c505bbe69e215e722d884b1b4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
crtdll
sprintf
kernel32
CreateProcessA
GlobalAddAtomA
GlobalFindAtomA
GetVersion
GetTempPathA
GetTickCount
ExitProcess
GetModuleFileNameA
CopyFileA
Sleep
CloseHandle
GetModuleHandleA
GetCurrentProcess
CreateFileA
ReadFile
SetFilePointer
WriteFile
GetFileSize
GlobalAlloc
DeleteFileA
user32
ExitWindowsEx
shell32
ShellExecuteA
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 127KB - Virtual size: 126KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
ransomwares/RansomBlox/RansomBlox.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
aJcA+ Size: 55KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 109KB - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
-
ransomwares/RedBoot/RedBoot.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 1.4MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 343KB - Virtual size: 344KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 873KB - Virtual size: 876KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
ransomwares/RedEye/RedEye.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 10.5MB - Virtual size: 10.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 106KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ransomwares/Rensenware/Rensenware.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\mkang\Documents\Visual Studio 2017\Projects\renseiWare\rensenWare\obj\Release\rensenWare.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ransomwares/Rokku/Rokku.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Sections
UPX0 Size: - Virtual size: 912KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 665KB - Virtual size: 668KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX2 Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
ransomwares/Seftad/Seftad.exe.exe windows:5 windows x86 arch:x86
45f43067991f331f7e6d9d92f382f3ef
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateFileA
FindResourceA
SetFilePointer
LoadResource
WriteFile
SizeofResource
ReadFile
LockResource
CloseHandle
FlushFileBuffers
CreateFileW
IsProcessorFeaturePresent
HeapReAlloc
GetStringTypeW
GetLastError
HeapFree
HeapAlloc
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
HeapCreate
GetStdHandle
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
HeapSize
RtlUnwind
SetStdHandle
WriteConsoleW
MultiByteToWideChar
LCMapStringW
ole32
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
oleaut32
VariantClear
Sections
.text Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ransomwares/Sodinokibi/Sodinokibi.exe.exe windows:5 windows x86 arch:x86
3eff7b78fa879bdd7bc10b8b899e0ab3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrlenW
SetErrorMode
VerSetConditionMask
CloseHandle
GetExitCodeProcess
VerifyVersionInfoW
lstrcmpA
oleaut32
VariantClear
VariantInit
Sections
.text Size: 46KB - Virtual size: 45KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.axh Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ransomwares/ViraLock/ViraLock.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 190KB - Virtual size: 190KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
ransomwares/WannaCry 1.0/WannaCry 1.0.exe.exe windows:4 windows x86 arch:x86
e858a14f217810d78466806d95d7fceb
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetFileSizeEx
CreateFileA
InitializeCriticalSection
DeleteCriticalSection
GetFileSize
LeaveCriticalSection
EnterCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
SetErrorMode
VirtualAlloc
VirtualFree
FreeLibrary
HeapAlloc
GetProcessHeap
GetModuleHandleA
SetLastError
VirtualProtect
IsBadReadPtr
HeapFree
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryA
GetStartupInfoA
ReadFile
SetFilePointer
WriteFile
SetFileTime
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
GlobalAlloc
LoadLibraryA
GetProcAddress
GlobalFree
GetModuleFileNameA
CloseHandle
user32
wsprintfA
advapi32
CryptDecrypt
CryptDestroyKey
CryptReleaseContext
CryptImportKey
CryptAcquireContextA
ws2_32
WSAStartup
inet_addr
WSACleanup
msvcrt
_controlfp
__set_app_type
__p__fmode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
__p__commode
strcpy
memset
strlen
memcpy
__CxxFrameHandler
??3@YAXPAX@Z
memcmp
_except_handler3
_local_unwind2
??2@YAPAXI@Z
sscanf
strcmp
__p___argv
__p___argc
strrchr
realloc
_stricmp
free
malloc
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
calloc
strcat
_mbsstr
Sections
.text Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 160KB - Virtual size: 158KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
ransomwares/WannaCrypt0r/WannaCrypt0r.exe.exe windows:4 windows x86 arch:x86
68f013d7437aa653a8a98a05807afeb1
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetFileAttributesW
GetFileSizeEx
CreateFileA
InitializeCriticalSection
DeleteCriticalSection
ReadFile
GetFileSize
WriteFile
LeaveCriticalSection
EnterCriticalSection
SetFileAttributesW
SetCurrentDirectoryW
CreateDirectoryW
GetTempPathW
GetWindowsDirectoryW
GetFileAttributesA
SizeofResource
LockResource
LoadResource
MultiByteToWideChar
Sleep
OpenMutexA
GetFullPathNameA
CopyFileA
GetModuleFileNameA
VirtualAlloc
VirtualFree
FreeLibrary
HeapAlloc
GetProcessHeap
GetModuleHandleA
SetLastError
VirtualProtect
IsBadReadPtr
HeapFree
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryA
GetStartupInfoA
SetFilePointer
SetFileTime
GetComputerNameW
GetCurrentDirectoryA
SetCurrentDirectoryA
GlobalAlloc
LoadLibraryA
GetProcAddress
GlobalFree
CreateProcessA
CloseHandle
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
FindResourceA
user32
wsprintfA
advapi32
CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
CryptReleaseContext
RegCreateKeyW
RegSetValueExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
msvcrt
realloc
fclose
fwrite
fread
fopen
sprintf
rand
srand
strcpy
memset
strlen
wcscat
wcslen
__CxxFrameHandler
??3@YAXPAX@Z
memcmp
_except_handler3
_local_unwind2
wcsrchr
swprintf
??2@YAPAXI@Z
memcpy
strcmp
strrchr
__p___argv
__p___argc
_stricmp
free
malloc
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
calloc
strcat
_mbsstr
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
Sections
.text Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
ransomwares/Wannacry (Plus)/Wannacry (Plus).exe.dll windows:4 windows x86 arch:x86
2e5708ae5fed0403e8117c645fb23e5b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
WriteFile
CreateFileA
SizeofResource
LockResource
LoadResource
FindResourceA
CreateProcessA
msvcrt
free
_initterm
malloc
_adjust_fdiv
sprintf
Exports
PlayGame
Sections
.text Size: 4KB - Virtual size: 652B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 472B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 340B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5.0MB - Virtual size: 5.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 684B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ransomwares/Windows10Update/Windows10Update.exe.exe windows:5 windows x86 arch:x86
eb97e4fc5518ac300a92a11673825e0b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
wsock32
WSACleanup
socket
inet_ntoa
setsockopt
ntohs
recvfrom
ioctlsocket
htons
WSAStartup
__WSAFDIsSet
select
accept
listen
bind
closesocket
WSAGetLastError
recv
sendto
send
inet_addr
gethostbyname
gethostname
connect
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
winmm
timeGetTime
waveOutSetVolume
mciSendStringW
comctl32
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create
mpr
WNetUseConnectionW
WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W
wininet
InternetQueryDataAvailable
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetConnectW
psapi
GetProcessMemoryInfo
iphlpapi
IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho
userenv
DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock
LoadUserProfileW
uxtheme
IsThemeActive
kernel32
DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
SetCurrentDirectoryW
GetLongPathNameW
GetShortPathNameW
DeleteFileW
FindNextFileW
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceNamesW
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
GetLocalTime
CompareStringW
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
LoadLibraryW
VirtualAlloc
IsDebuggerPresent
GetCurrentDirectoryW
lstrcmpiW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCurrentThread
CloseHandle
GetFullPathNameW
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
GetSystemTimeAsFileTime
ResumeThread
GetCommandLineW
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStringTypeW
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadConsoleW
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
FindClose
SetEnvironmentVariableA
user32
AdjustWindowRectEx
CopyImage
SetWindowPos
GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
DeleteMenu
SetRect
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
MonitorFromRect
keybd_event
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
GetMessageW
LockWindowUpdate
DispatchMessageW
TranslateMessage
PeekMessageW
UnregisterHotKey
CheckMenuRadioItem
CharLowerBuffW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
SystemParametersInfoW
LoadImageW
GetClassNameW
gdi32
StrokePath
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
GetDeviceCaps
EndPath
SetPixel
CloseFigure
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
GetDIBits
LineTo
AngleArc
MoveToEx
Ellipse
DeleteDC
GetPixel
CreateDCW
GetStockObject
GetTextFaceW
CreateFontW
SetTextColor
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
StrokeAndFillPath
comdlg32
GetOpenFileNameW
GetSaveFileNameW
advapi32
GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
RegCreateKeyExW
FreeSid
GetTokenInformation
GetSecurityDescriptorDacl
GetAclInformation
AddAce
SetSecurityDescriptorDacl
GetUserNameW
InitiateSystemShutdownExW
shell32
DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish
ole32
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoSetProxyBlanket
CoCreateInstanceEx
CoInitializeSecurity
oleaut32
LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
RegisterTypeLib
CreateStdDispatch
DispCallFunc
VariantChangeType
SysStringLen
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
VariantCopy
VariantClear
OleLoadPicture
QueryPathOfRegTypeLib
RegisterTypeLibForUser
UnRegisterTypeLibForUser
UnRegisterTypeLib
CreateDispTypeInfo
SysAllocString
VariantInit
Sections
.text Size: 568KB - Virtual size: 567KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 191KB - Virtual size: 191KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 230KB - Virtual size: 229KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ransomwares/Winlocker.VB6.Blacksod/Winlocker.VB6.Blacksod/WinlockerVB6Blacksod.exe.exe windows:5 windows x86 arch:x86
fdc840a7a99c43c34a60188ec8cc1596
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Users\victor\Desktop\BRANCH\win\Release\stubs\x86\ExternalUi.pdb
Imports
kernel32
CreateDirectoryW
GetCurrentProcessId
GetExitCodeThread
SetEvent
CreateEventW
SetLastError
LoadLibraryW
FreeLibrary
lstrlenW
GetVersionExW
CreateFileA
SetStdHandle
WriteConsoleW
WriteConsoleA
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetDiskFreeSpaceExW
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
ExitProcess
lstrcmpiW
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoW
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
PeekNamedPipe
OpenEventW
CopyFileExW
CompareFileTime
GetVersion
ResetEvent
MoveFileW
GetLocaleInfoA
GetStringTypeW
ConnectNamedPipe
CreateNamedPipeW
TerminateThread
GetSystemDirectoryW
GetLocalTime
OutputDebugStringW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetWindowsDirectoryW
FileTimeToSystemTime
GetUserDefaultLangID
GetSystemDefaultLangID
GetDriveTypeW
CompareStringW
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpW
GetFileSize
ReadFile
GlobalFree
GetTempPathW
GetSystemTime
SystemTimeToFileTime
GetTempFileNameW
DeleteFileW
FindFirstFileW
RemoveDirectoryW
FindNextFileW
GetLogicalDriveStringsW
GetFileAttributesW
SetFileAttributesW
GetFileTime
CopyFileW
FindClose
MultiByteToWideChar
LoadLibraryExW
WideCharToMultiByte
InterlockedExchange
GetSystemInfo
TlsFree
WaitForMultipleObjects
Sleep
GetLastError
GetCurrentThreadId
WaitForSingleObject
MulDiv
lstrcpynW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLocaleInfoW
EnumResourceLanguagesW
SetEndOfFile
SetCurrentDirectoryW
GetCommandLineW
GetExitCodeProcess
CreateProcessW
GetModuleFileNameA
FlushFileBuffers
LeaveCriticalSection
SetFilePointer
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetStdHandle
SetConsoleTextAttribute
GetFullPathNameW
GetCurrentThread
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetModuleHandleW
GetProcAddress
RaiseException
FlushInstructionCache
GetCurrentProcess
CloseHandle
WriteFile
CreateFileW
FreeEnvironmentStringsW
LocalAlloc
LocalFree
LoadLibraryA
GetShortPathNameW
GetEnvironmentVariableW
FormatMessageW
CreateThread
SetUnhandledExceptionFilter
user32
MapWindowPoints
GetParent
GetWindow
GetClientRect
GetWindowTextW
GetWindowTextLengthW
FillRect
IsWindow
ShowWindow
GetWindowRect
UnionRect
IsWindowVisible
BeginPaint
EndPaint
ScreenToClient
SetWindowPos
GetWindowDC
LookupIconIdFromDirectoryEx
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
SendMessageW
DrawFrameControl
RegisterWindowMessageW
InvalidateRgn
GetDesktopWindow
GetKeyState
DrawStateW
DrawTextExW
DrawFocusRect
ValidateRect
DestroyMenu
AppendMenuW
CreatePopupMenu
TrackPopupMenu
InflateRect
LoadBitmapW
MessageBeep
LoadImageW
CharNextW
GetClassNameW
ReleaseCapture
SetCapture
UpdateWindow
DestroyIcon
GetDlgCtrlID
GetCapture
SetScrollInfo
GetScrollPos
GetClassInfoExW
RegisterClassExW
DrawEdge
SetScrollPos
SetRect
MoveWindow
GetScrollInfo
GetMessagePos
SystemParametersInfoW
GetActiveWindow
TrackMouseEvent
GetAsyncKeyState
DestroyCursor
GetWindowRgn
IsZoomed
SetWindowRgn
GetComboBoxInfo
DestroyAcceleratorTable
CreateAcceleratorTableW
TranslateAcceleratorW
CreateDialogParamW
EndDialog
DialogBoxParamW
InvalidateRect
GetNextDlgTabItem
SetCursor
MonitorFromWindow
GetMonitorInfoW
IsDialogMessageW
IsChild
PostQuitMessage
PostMessageW
SetForegroundWindow
SetCursorPos
GetCursorPos
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadCursorW
LoadStringW
MessageBoxW
GetFocus
EnableWindow
DestroyWindow
GetForegroundWindow
EnumWindows
GetWindowThreadProcessId
DialogBoxIndirectParamW
MsgWaitForMultipleObjects
GetPropW
GetSystemMenu
EnableMenuItem
ModifyMenuW
ExitWindowsEx
GetScrollRange
SetPropW
RemovePropW
LoadMenuW
GetSubMenu
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
GetIconInfo
SendMessageTimeoutW
UnregisterClassA
DrawTextW
DrawIconEx
GetSystemMetrics
ClientToScreen
OffsetRect
SetRectEmpty
PtInRect
GetSysColorBrush
IntersectRect
IsRectEmpty
SendMessageA
IsWindowEnabled
CopyRect
RedrawWindow
SetFocus
GetSysColor
CreateWindowExW
GetDlgItem
SetWindowTextW
EqualRect
SetTimer
KillTimer
GetDC
ReleaseDC
CreateIconFromResourceEx
gdi32
GetLayout
GetBrushOrgEx
CreateFontIndirectW
CreateSolidBrush
GetRgnBox
EqualRgn
CreatePolygonRgn
CreateRectRgnIndirect
GetStockObject
CreateFontW
SetBkMode
SetTextColor
SetBrushOrgEx
CreatePatternBrush
FillRgn
SelectClipRgn
GetBitmapBits
CreateRectRgn
GetObjectW
GetDeviceCaps
Rectangle
ExcludeClipRect
CreatePen
ExtTextOutW
SetBkColor
BitBlt
SetViewportOrgEx
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
SelectObject
DeleteDC
CreateDIBSection
CreateBitmapIndirect
CombineRgn
advapi32
RegOpenKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
GetSecurityDescriptorDacl
AdjustTokenPrivileges
LookupPrivilegeValueW
StartServiceW
QueryServiceStatus
OpenServiceW
RegDeleteValueA
RegQueryValueExA
RegOpenKeyA
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExA
OpenSCManagerW
LockServiceDatabase
UnlockServiceDatabase
CloseServiceHandle
RegOpenKeyExA
RegEnumValueA
LookupAccountSidW
RegCreateKeyW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
RegDeleteKeyA
RegCreateKeyA
shell32
ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
SHGetSpecialFolderLocation
ole32
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoUninitialize
CoCreateGuid
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoInitializeEx
CoCreateInstance
oleaut32
VarDateFromStr
VarUI4FromStr
OleLoadPicture
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
LoadTypeLib
LoadRegTypeLib
SysStringLen
OleCreateFontIndirect
VariantCopy
VariantInit
VariantClear
SysAllocString
SysFreeString
dbghelp
SymGetLineFromAddr
SymSetSearchPath
SymCleanup
SymInitialize
SymSetOptions
SymFunctionTableAccess
StackWalk
SymGetModuleBase
shlwapi
PathIsDirectoryW
PathAddBackslashW
PathIsUNCW
PathFileExistsW
comctl32
ImageList_Destroy
DestroyPropertySheetPage
InitCommonControlsEx
ImageList_LoadImageW
ImageList_GetIcon
ImageList_AddMasked
ImageList_SetBkColor
_TrackMouseEvent
ImageList_Add
ImageList_ReplaceIcon
ImageList_Create
CreatePropertySheetPageW
PropertySheetW
msimg32
AlphaBlend
TransparentBlt
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
mpr
WNetAddConnection2W
comdlg32
GetOpenFileNameW
GetSaveFileNameW
Sections
.text Size: 1010KB - Virtual size: 1009KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 239KB - Virtual size: 238KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 71KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ransomwares/Xyeta/Xyeta.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 228KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 67KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE