240520-qtte9scd22_pw_infected[.]zip

General

Target

240520-qtte9scd22_pw_infected.zip
Size

193KB
MD5

cebfa5dd695498c59a74528face6e846
SHA1

4c0129fa36f9f702459852ffc19cd76f73273d67
SHA256

493486883864f65f4cbffc6b7117ac44a0dc25ee14c30ec7c4408235ebb652ff
SHA512

3119ddfcf2af204e6065fb4ae9d04f1c4a70c03a8c6424099a960ec7686ef1b7b44164b6a65cf570fb923b40f317795eaa0ad5b505da2f1d07ca2baef0353f9d
SSDEEP

6144:ae4eM7STHLt0F3bt477JvyN0r+Z8fXixpB:R4eMYHLt2xo7Z0KfXiPB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/Ransomware.WannaCrypt0r.v1.exe

Files

240520-qtte9scd22_pw_infected.zip
.zip

Password: infected
Ransomware.WannaCrypt0r.v1.exe
.exe windows:4 windows x86 arch:x86

Password: infected

e858a14f217810d78466806d95d7fceb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSizeEx
CreateFileA
InitializeCriticalSection
DeleteCriticalSection
GetFileSize
LeaveCriticalSection
EnterCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
SetErrorMode
VirtualAlloc
VirtualFree
FreeLibrary
HeapAlloc
GetProcessHeap
GetModuleHandleA
SetLastError
VirtualProtect
IsBadReadPtr
HeapFree
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryA
GetStartupInfoA
ReadFile
SetFilePointer
WriteFile
SetFileTime
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
GlobalAlloc
LoadLibraryA
GetProcAddress
GlobalFree
GetModuleFileNameA
CloseHandle

user32

wsprintfA

advapi32

CryptDecrypt
CryptDestroyKey
CryptReleaseContext
CryptImportKey
CryptAcquireContextA

ws2_32

WSAStartup
inet_addr
WSACleanup

msvcrt

_controlfp
__set_app_type
__p__fmode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
__p__commode
strcpy
memset
strlen
memcpy
__CxxFrameHandler
??3@YAXPAX@Z
memcmp
_except_handler3
_local_unwind2
??2@YAPAXI@Z
sscanf
strcmp
__p___argv
__p___argc
strrchr
realloc
_stricmp
free
malloc
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
calloc
strcat
_mbsstr

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

e858a14f217810d78466806d95d7fceb

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

msvcrt

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 8KB - Virtual size: 5KB

.rsrc Size: 160KB - Virtual size: 158KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 160KB - Virtual size: 158KB