xorist | 0386dd8410cd6d5e717671782bb2bd0061e37a9058ec6f5956228e4b0965af2a

General

Target

0386dd8410cd6d5e717671782bb2bd0061e37a9058ec6f5956228e4b0965af2a
Size

40KB
MD5

eb5b75b1fad5aa53d127788b17d3b275
SHA1

cb59283379a2fc7e63faa713c637dd3e7dfc80fb
SHA256

0386dd8410cd6d5e717671782bb2bd0061e37a9058ec6f5956228e4b0965af2a
SHA512

04a1976072a2e52ddff26c911ea88ac10c4a9c8ec3f0accbb5b7345e9a3caff57d9221d075b420c2d0fac25d674416a8eb741908d4c5271b175e21c3c654466e
SSDEEP

768:hwql2iC6T7flLfng8CHBt7Xd+MBgXCrst42R2JjRdqmA4j2+jBBqlK:hw41T7fWHt0ZSH2RoNdqmAq2+jmlK

Score

10^/10

xorist

Detected Xorist Ransomware 1 IoCs

resource	yara_rule
static1/unpack001/5840ac98a974844f8ca64612c6311e74bfaf235b06b52c91657f781b6224e41a	family_xorist

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/5840ac98a974844f8ca64612c6311e74bfaf235b06b52c91657f781b6224e41a

0386dd8410cd6d5e717671782bb2bd0061e37a9058ec6f5956228e4b0965af2a
.zip

Password: infected
5840ac98a974844f8ca64612c6311e74bfaf235b06b52c91657f781b6224e41a
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE