xorist | 5de893b2e4e2ca63e3dfba1ca8fd57bb44b920fd25c1c6c720bb15c3bae45f12

General

Target

5de893b2e4e2ca63e3dfba1ca8fd57bb44b920fd25c1c6c720bb15c3bae45f12
Size

40KB
MD5

1887e84a16365a8de7522804b86dac25
SHA1

f2f6edd89efa30cf81ce77e7b5b6787ef5401824
SHA256

5de893b2e4e2ca63e3dfba1ca8fd57bb44b920fd25c1c6c720bb15c3bae45f12
SHA512

c5e6ca653ad00341818aad0fdcd36aea3a8df85f80a999f010489bca71cd98feda5985181a0c6a7df3d901420a71c4e964c5e30c402ac06bceeb3d33c8e1b735
SSDEEP

768:eByxBsk5GPi2v797PnMJgS6mLPZqZJHYERvkKCHmJykqHhkbqmpK+fMYpqXp9tOP:tPsTPiO9TMJ9RLxCJ48CHmnEhL+fnU5e

Score

10^/10

upx xorist

Detected Xorist Ransomware 1 IoCs

resource	yara_rule
static1/unpack002/out.upx	family_xorist

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/a93ee68a88babf80e9ea7af2f0c31115a98680d14af4a3ec6bcb60b7c6199533	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a93ee68a88babf80e9ea7af2f0c31115a98680d14af4a3ec6bcb60b7c6199533
unpack002/out.upx

5de893b2e4e2ca63e3dfba1ca8fd57bb44b920fd25c1c6c720bb15c3bae45f12
.zip

Password: infected
a93ee68a88babf80e9ea7af2f0c31115a98680d14af4a3ec6bcb60b7c6199533
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE