- Static task: static1
- Behavioral task: behavioral1 (sample 5b79b6a81407caf12cf1894346a15e40c4dc017a35105119db3b23c7bf91c7b0.exe, resource win7-20240215-en)
- Behavioral task: behavioral2 (sample 5b79b6a81407caf12cf1894346a15e40c4dc017a35105119db3b23c7bf91c7b0.exe, resource win10v2004-20240226-en)
General
- Target: 5b79b6a81407caf12cf1894346a15e40c4dc017a35105119db3b23c7bf91c7b0
- Size: 236KB
- MD5: 6aa5d9b03d34c87026ac11a6f30524fe
- SHA1: c0c532d64bc1d16aeb12ea58c9e94c48eb3d64d4
- SHA256: 5b79b6a81407caf12cf1894346a15e40c4dc017a35105119db3b23c7bf91c7b0
- SHA512: 1e0cdbfd5399c03e6db32b309d38f56dc0761d6a9d2319c712f771fecc9fec8aac0c2dd2ee00e4674b26168265558e4d02a810a6326c73e36a1e453ecc394069
- SSDEEP: 3072:A2XIX/5EEAmkN7HqOaeV/RPMObiZif2fXSF9uvm8dDuCb4NeIAg0Fuj3RK3o1yL:AliN3qO1hR0UiZi+fC+iAObo41I
Malware Config
Signatures
- Detects command variations typically used by ransomware (1 IoC)
  resource: sample; yara_rule: INDICATOR_SUSPICIOUS_GENRansomware
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: 5b79b6a81407caf12cf1894346a15e40c4dc017a35105119db3b23c7bf91c7b0
Files
-
5b79b6a81407caf12cf1894346a15e40c4dc017a35105119db3b23c7bf91c7b0.exe windows:6 windows x86 arch:x86
fcf96dc829b5f24b92a7b578e6908702
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCurrentProcessorNumber
ExitProcess
lstrcpynA
WinExec
GetTickCount
GetDriveTypeW
GetLastError
WriteConsoleW
GetLocalTime
CreateFileW
ReadConsoleW
SetStdHandle
GetLogicalDrives
FreeEnvironmentStringsW
OpenMutexA
Sleep
GetCurrentThreadId
CreateMutexA
FindFirstFileA
FindClose
FindNextFileA
ExpandEnvironmentStringsW
HeapSize
GetModuleFileNameA
GetFileTime
lstrcmpiA
SystemTimeToFileTime
GetFileSize
CloseHandle
FileTimeToSystemTime
CreateFileA
MoveFileExA
lstrlenA
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetProcessHeap
SetFilePointerEx
GetConsoleMode
SetFileTime
WriteFile
ReadFile
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
RtlUnwind
RaiseException
FreeLibrary
LoadLibraryExW
HeapAlloc
HeapReAlloc
HeapFree
GetModuleHandleExW
GetStdHandle
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleCP
SetEndOfFile
user32
GetDC
FillRect
GetSystemMetrics
GetActiveWindow
wsprintfW
DrawTextW
SystemParametersInfoW
wsprintfA
GetClipboardOwner
gdi32
GetDIBits
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
SetTextColor
SetBkMode
CreateSolidBrush
CreateFontIndirectW
advapi32
RegOpenKeyExW
CryptHashData
CryptDeriveKey
RegCloseKey
RegSetValueExW
CryptSetKeyParam
CryptAcquireContextA
CryptEncrypt
CryptCreateHash
shell32
ShellExecuteA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteW
shlwapi
PathFindFileNameA
PathFindExtensionA
mpr
WNetEnumResourceA
WNetGetLastErrorA
WNetOpenEnumA
WNetCloseEnum
crypt32
CryptStringToBinaryA
CryptDecodeObjectEx
CryptImportPublicKeyInfo
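The import table above is the most informative static artifact on this page: CryptoAPI key import and bulk encryption, drive/directory walking, network-share enumeration, file rename and timestamp rewriting, bitmap drawing plus SystemParametersInfoW, a mutex pair, and WinExec/ShellExecute. The following is an added example of how an analyst turns such a list into capability clusters; it is not Tria.ge's code and not the sample's. The API groupings and the set of imports treated as MSVC C-runtime noise are general Win32 knowledge (assumptions of this example, not statements the report makes), the SAMPLE_IMPORTS dict is a constructed subset of the table listed above, and HELLO_IMPORTS is a constructed contrast for a plain console program.

```python
# Win32 API clusters and what importing all of them lets a program do. The
# groupings are general Win32 knowledge, not something the report states.
CAPABILITIES = {
    "crypto":       {"advapi32!CryptAcquireContextA", "advapi32!CryptCreateHash",
                     "advapi32!CryptHashData", "advapi32!CryptDeriveKey",
                     "advapi32!CryptSetKeyParam", "advapi32!CryptEncrypt",
                     "crypt32!CryptStringToBinaryA", "crypt32!CryptDecodeObjectEx",
                     "crypt32!CryptImportPublicKeyInfo"},  # key import + encrypt, no CryptDecrypt
    "fs_walk":      {"kernel32!GetLogicalDrives", "kernel32!GetDriveTypeW",
                     "kernel32!FindFirstFileA", "kernel32!FindNextFileA",
                     "kernel32!FindFirstFileExA", "shlwapi!PathFindExtensionA"},
    "file_rewrite": {"kernel32!CreateFileA", "kernel32!MoveFileExA", "kernel32!SetFileTime",
                     "kernel32!GetFileTime", "kernel32!SetEndOfFile",
                     "kernel32!SetFilePointerEx", "kernel32!ReadFile", "kernel32!WriteFile"},
    "net_shares":   {"mpr!WNetOpenEnumA", "mpr!WNetEnumResourceA", "mpr!WNetCloseEnum"},
    "exec":         {"kernel32!WinExec", "shell32!ShellExecuteA", "shell32!ShellExecuteW"},
    "registry":     {"advapi32!RegOpenKeyExW", "advapi32!RegSetValueExW"},
    "mutex":        {"kernel32!CreateMutexA", "kernel32!OpenMutexA"},
    "desktop":      {"gdi32!CreateCompatibleBitmap", "gdi32!CreateCompatibleDC", "gdi32!GetDIBits",
                     "user32!DrawTextW", "user32!FillRect", "user32!SystemParametersInfoW"},
    "anti_debug":   {"kernel32!IsDebuggerPresent"},
}

# Imports every MSVC-built program carries through the C runtime's startup and
# error paths (assumed list). They say nothing about the author's code and, if
# counted, make a hello-world look like it checks for debuggers.
CRT_NOISE = {"kernel32!" + n for n in (
    "EncodePointer DecodePointer TlsAlloc TlsGetValue TlsSetValue TlsFree InitializeSListHead "
    "IsProcessorFeaturePresent UnhandledExceptionFilter SetUnhandledExceptionFilter "
    "IsDebuggerPresent QueryPerformanceCounter GetSystemTimeAsFileTime GetCurrentProcessId "
    "GetCurrentThreadId GetStartupInfoW RtlUnwind RaiseException InitializeCriticalSectionAndSpinCount "
    "LCMapStringW GetStringTypeW GetCPInfo GetACP GetOEMCP IsValidCodePage GetCommandLineA "
    "GetCommandLineW GetEnvironmentStringsW FreeEnvironmentStringsW GetModuleHandleExW "
    "TerminateProcess ExitProcess").split()}


def match_capabilities(imports: dict, min_fraction: float = 0.5, ignore_crt: bool = True) -> dict:
    """Map {dll: [function, ...]} to {capability: [matched APIs]} for every
    cluster that the import table covers to at least min_fraction."""
    seen = {"%s!%s" % (dll.lower(), fn) for dll, fns in imports.items() for fn in fns}
    if ignore_crt:
        seen -= CRT_NOISE
    return {cap: sorted(apis & seen) for cap, apis in CAPABILITIES.items()
            if len(apis & seen) / len(apis) >= min_fraction}


def file_encryptor_profile(caps: dict) -> bool:
    """The three clusters a file-encrypting payload cannot do without."""
    return all(c in caps for c in ("crypto", "fs_walk", "file_rewrite"))


# Constructed input: a subset of the import table the report lists for the sample.
SAMPLE_IMPORTS = {
    "kernel32": ["GetLogicalDrives", "GetDriveTypeW", "FindFirstFileA", "FindNextFileA", "FindFirstFileExA",
                 "FindClose", "CreateFileA", "CreateFileW", "ReadFile", "WriteFile", "SetFilePointerEx",
                 "SetEndOfFile", "MoveFileExA", "SetFileTime", "GetFileTime", "WinExec", "CreateMutexA",
                 "OpenMutexA", "IsDebuggerPresent", "EncodePointer", "DecodePointer", "TlsAlloc",
                 "InitializeSListHead", "IsProcessorFeaturePresent", "ExpandEnvironmentStringsW"],
    "user32": ["GetDC", "FillRect", "GetSystemMetrics", "DrawTextW", "SystemParametersInfoW"],
    "gdi32": ["GetDIBits", "CreateCompatibleBitmap", "SelectObject", "CreateCompatibleDC", "CreateFontIndirectW"],
    "advapi32": ["RegOpenKeyExW", "CryptHashData", "CryptDeriveKey", "RegCloseKey", "RegSetValueExW",
                 "CryptSetKeyParam", "CryptAcquireContextA", "CryptEncrypt", "CryptCreateHash"],
    "shell32": ["ShellExecuteA", "SHGetPathFromIDListA", "SHGetSpecialFolderLocation", "ShellExecuteW"],
    "shlwapi": ["PathFindFileNameA", "PathFindExtensionA"],
    "mpr": ["WNetEnumResourceA", "WNetGetLastErrorA", "WNetOpenEnumA", "WNetCloseEnum"],
    "crypt32": ["CryptStringToBinaryA", "CryptDecodeObjectEx", "CryptImportPublicKeyInfo"],
}

# Constructed contrast: roughly what a console hello-world from the same toolchain imports.
HELLO_IMPORTS = {"kernel32": sorted(n.split("!")[1] for n in CRT_NOISE)
                 + ["GetStdHandle", "WriteConsoleW", "CreateFileW", "WriteFile"]}

if __name__ == "__main__":
    caps = match_capabilities(SAMPLE_IMPORTS)
    for cap, apis in caps.items():
        print("%-13s %s" % (cap, ", ".join(apis)))
    print("file-encryptor profile:", file_encryptor_profile(caps))
```

Two caveats the output makes visible. ReadFile, WriteFile, SetFilePointerEx and SetEndOfFile also back the C runtime's low-level I/O, so the weight in the file_rewrite cluster sits on MoveFileExA and SetFileTime, which a runtime does not need on its own. And IsDebuggerPresent only survives as an "anti-debug" hit when CRT noise is not stripped; on this sample it sits among the usual vcruntime startup imports, so it is not evidence of deliberate evasion. The crypt32 trio (decode a base64 blob, decode the object, import a public key) with CryptEncrypt and no CryptDecrypt is the part worth a second look during dynamic analysis.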
Sections
.text Size: 155KB - Virtual size: 154KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 65KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 20.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
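Three facts above come straight out of the PE headers: the DLL/file characteristics flags, the "Unsigned PE" signature (an empty IMAGE_DIRECTORY_ENTRY_SECURITY), and the .data section that occupies 4KB on disk but 20.0MB once mapped. The following is an added example, not Tria.ge's code and not taken from the sample, that reads those fields with nothing but the standard library. build_sample_pe() assembles a constructed, header-only PE32 whose flag bits and section sizes are rounded from this report; every other byte in it is filler, and the certificate offset used for the signed variant is an assumed value for contrast.

```python
import struct

# Flag bits from winnt.h for the header fields the report decodes.
FILE_FLAGS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE", 0x0100: "IMAGE_FILE_32BIT_MACHINE"}
DLL_FLAGS = {0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
             0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
             0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # the Authenticode certificate table
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def decode_flags(value: int, table: dict) -> list:
    """Names of the known bits set in value, in table order."""
    return [name for bit, name in table.items() if value & bit]


def parse_pe(data: bytes) -> dict:
    """Read the fields behind the report's Headers, Sections and Unsigned PE entries."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (_machine, nsections, _stamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:          # 32-bit image, as for this sample
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:    # 64-bit: 8-byte ImageBase/stack/heap fields shift the tail
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_characteristics = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    cert_off, cert_size = 0, 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike every other directory, this entry holds a file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from(
            "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections, table = [], opt + opt_size
    for i in range(nsections):
        (name, vsize, vaddr, rawsize, rawptr, _r, _l, _nr, _nl,
         flags) = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": vaddr,
                         "raw_size": rawsize, "raw_offset": rawptr, "flags": flags})
    return {"magic": "PE32" if magic == PE32_MAGIC else "PE32+",
            "characteristics": characteristics, "dll_characteristics": dll_characteristics,
            "certificate_table": (cert_off, cert_size), "sections": sections}


def is_authenticode_signed(info: dict) -> bool:
    """True when a certificate table is present. Presence is not validity:
    verifying the signature needs WinVerifyTrust, signtool or osslsigncode."""
    off, size = info["certificate_table"]
    return off != 0 and size != 0


def oversized_sections(info: dict, ratio: int = 16) -> list:
    """Sections whose mapped size dwarfs what the file carries. The loader
    zero-fills the difference, which usually means a large static buffer."""
    return [s for s in info["sections"] if s["virtual_size"] > ratio * max(s["raw_size"], 1)]


def build_sample_pe(certificate_table_size: int = 0) -> bytes:
    """Constructed header-only PE32 mirroring the report's flags and rounded
    section sizes; everything else is filler, not bytes of the real sample."""
    sections = [  # name, virtual size, RVA, raw size, raw offset, characteristics
        (b".text",  0x26800,   0x1000,    0x26C00, 0x400,   0x60000020),
        (b".rdata", 0x10400,   0x28000,   0x10400, 0x27000, 0x40000040),
        (b".data",  0x1400000, 0x39000,   0x1000,  0x37400, 0xC0000040),  # 20 MB mapped, 4 KB on disk
        (b".tls",   0x9,       0x1439000, 0x200,   0x38400, 0xC0000040),
        (b".reloc", 0x2400,    0x143A000, 0x2800,  0x38600, 0x42000040),
    ]
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))                    # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0002 | 0x0100)
    opt = bytearray(224)                                            # PE32 header, 16 directories
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<H", opt, 70, 0x0040 | 0x0100 | 0x8000)       # DYNAMIC_BASE|NX_COMPAT|TS_AWARE
    struct.pack_into("<I", opt, 92, 16)
    if certificate_table_size:                                      # signed variant for contrast
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         0x3AE00, certificate_table_size)           # assumed offset: end of image
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, fl)
                     for n, vs, va, rs, rp, fl in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print(decode_flags(info["characteristics"], FILE_FLAGS))
    print(decode_flags(info["dll_characteristics"], DLL_FLAGS))
    print("signed:", is_authenticode_signed(info))
    print("oversized:", [(s["name"], s["raw_size"], s["virtual_size"]) for s in oversized_sections(info)])
```

Point parse_pe at the real file (open it in binary mode) to reproduce the report's three entries. Two caveats: "Unsigned PE" is low-signal on its own, since plenty of legitimate software ships unsigned and a present certificate table still has to be verified against a trusted chain; and the DYNAMIC_BASE/NX_COMPAT bits only show the sample was built with the default modern linker settings, they do not make it any less malicious. The .data ratio is the header fact most worth carrying into dynamic analysis: a 20MB zero-filled region in a 236KB binary is a large static buffer, and for a program importing CryptEncrypt alongside ReadFile/WriteFile the natural guess is a working buffer for file contents, which the behavioral runs can confirm or refute.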