xorist | 7f64cb7e7ebfefa6d1376bcfc5b2a8fdded19aff482f3cdb766f27923a5a3bbc

General

Target

7f64cb7e7ebfefa6d1376bcfc5b2a8fdded19aff482f3cdb766f27923a5a3bbc
Size

6KB
MD5

ad69026f0cf984eaef62389e9b8ab266
SHA1

29d3d01ce6827de4298c7bea23acd2b74053991d
SHA256

7f64cb7e7ebfefa6d1376bcfc5b2a8fdded19aff482f3cdb766f27923a5a3bbc
SHA512

945e5facf42341344ae1aeadc907da389742b0064fcad490920a9335dce79468166daa2574769d547277a98c4b73a1a59ee8e3f0a2eaaa5ca5f877cb98881e24
SSDEEP

192:3rSTs/1W2RH1wTV6uQcMGEVnqx41r4940nmqVTIv:3z/1W2sB1Qcz6nqx4J0mKK

Score

10^/10

xorist

Detected Xorist Ransomware 1 IoCs

resource	yara_rule
static1/unpack001/319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5	family_xorist

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5

7f64cb7e7ebfefa6d1376bcfc5b2a8fdded19aff482f3cdb766f27923a5a3bbc
.zip

Password: infected
319fbb2dd26045a90a452eb26799c6529f8a77ad8d7b967aec58111e25b12cd5
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE