xorist | 08f254697cab086135d454e80c0ca0c24e3982ac7d080f4fe3e9e1ba0a1e28a5

General

Target

08f254697cab086135d454e80c0ca0c24e3982ac7d080f4fe3e9e1ba0a1e28a5
Size

40KB
MD5

2409eb49c7455d84323627b86fa2b450
SHA1

607cd08deb02c7c9bf310477dcd77796a36f7afd
SHA256

08f254697cab086135d454e80c0ca0c24e3982ac7d080f4fe3e9e1ba0a1e28a5
SHA512

408b864a138c7bdbe280cf78864891ff822eeae63b73d8a453bf85d868347fc457397d06be3a8506964f52b74e67e1b3aa106ba6400cb0595208c7c93b5e07ab
SSDEEP

768:MNYHP80gwEcGYO4vE+L73PEeCJcccHuoYKXiY6IAtXyJW6Bzo8JIFMdyn++:BvRgPXl4c+LjPBCJcc7oZX96IAt/8JI5

Score

10^/10

xorist

Detected Xorist Ransomware 1 IoCs

resource	yara_rule
static1/unpack001/fb4e2be09a30d71df83241949a9a827a62b903ce1f78e099882d0f6794fcf2e4	family_xorist

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fb4e2be09a30d71df83241949a9a827a62b903ce1f78e099882d0f6794fcf2e4

08f254697cab086135d454e80c0ca0c24e3982ac7d080f4fe3e9e1ba0a1e28a5
.zip

Password: infected
fb4e2be09a30d71df83241949a9a827a62b903ce1f78e099882d0f6794fcf2e4
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE