chaos | bow[.]exe | Triage

Sharing

General

Target

bow.exe
Size

22KB
MD5

9c521c4bc50477b65e51b8c027779b57
SHA1

e9f86154e35c597957be6a47e04ec3f8ca355081
SHA256

001b2843e0af153d71b373962b2c0cf431cf1177b86be8be372717d620495640
SHA512

bf8e44e139fe0c44e47ac182f736e02f0d28222a254883e9e9de6c737ebe1eff5216ea7efdddd1a6b59b06065a7a7afb4f39d7bfda46697b9d67e7aa924335d8
SSDEEP

384:J3MLWHn3kI3fkS0YYpAVgjuxJ3r91CrMbYxPe8:pn3kIcBpAmjC3r9SMbme8

Score

10^/10

chaos

Malware Config

Signatures

Chaos Ransomware 1 IoCs

Processes:

resource yara_rule

sample family_chaos
Chaos family
chaos
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

bow.exe

Files

bow.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ