Overview
overview
10Static
static
7Documents/...er.exe
windows7-x64
10Documents/...er.exe
windows10-2004-x64
10Documents/...ll.exe
windows7-x64
9Documents/...ll.exe
windows10-2004-x64
3Documents/...aw.exe
windows7-x64
10Documents/...aw.exe
windows10-2004-x64
10Documents/...ky.exe
windows7-x64
10Documents/...ky.exe
windows10-2004-x64
10Documents/...31.exe
windows7-x64
1Documents/...31.exe
windows10-2004-x64
1Documents/...3 .exe
windows7-x64
7Documents/...3 .exe
windows10-2004-x64
3Documents/...d9.dll
windows7-x64
10Documents/...d9.dll
windows10-2004-x64
10027cc450ef...ju.dll
windows7-x64
10027cc450ef...ju.dll
windows10-2004-x64
10ee29b9c013...bc6.js
windows7-x64
3ee29b9c013...bc6.js
windows10-2004-x64
3fe2e5d0543...L9.rtf
windows7-x64
4fe2e5d0543...L9.rtf
windows10-2004-x64
1Documents/...uy.hta
windows7-x64
10Documents/...uy.hta
windows10-2004-x64
10Documents/...st.exe
windows7-x64
7Documents/...st.exe
windows10-2004-x64
7Documents/...39.exe
windows7-x64
6Documents/...39.exe
windows10-2004-x64
Documents/...5c.exe
windows7-x64
6Documents/...5c.exe
windows10-2004-x64
Documents/...00.exe
windows7-x64
7Documents/...00.exe
windows10-2004-x64
7Supplement...16.scr
windows7-x64
3Supplement...16.scr
windows10-2004-x64
3Resubmissions
22-08-2024 18:43
240822-xc563asamh 1021-08-2024 17:16
240821-vtjnaathnq 1030-06-2024 00:59
240630-bcjr6svbkk 1020-06-2024 02:02
240620-cf43ysxbnk 1020-06-2024 01:44
240620-b5v1xawemk 1019-06-2024 01:10
240619-bjmseavfmp 1018-06-2024 20:40
240618-zfwsxawdpa 1018-06-2024 13:45
240618-q2vcjawdle 10Behavioral task
behavioral1
Sample
Documents/Ransomware.Cerber/cerber.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Documents/Ransomware.Cerber/cerber.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
Documents/Ransomware.Cryptowall/cryptowall.exe
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
Documents/Ransomware.Cryptowall/cryptowall.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
Documents/Ransomware.Jigsaw/jigsaw.exe
Resource
win7-20240220-en
Behavioral task
behavioral6
Sample
Documents/Ransomware.Jigsaw/jigsaw.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral7
Sample
Documents/Ransomware.Locky/Locky.exe
Resource
win7-20240611-en
Behavioral task
behavioral8
Sample
Documents/Ransomware.Locky/Locky.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
Documents/Ransomware.Mamba/131.exe
Resource
win7-20240508-en
Behavioral task
behavioral10
Sample
Documents/Ransomware.Mamba/131.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
Documents/Ransomware.Matsnu/Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
Documents/Ransomware.Matsnu/Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral13
Sample
Documents/Ransomware.Petrwrap/Ransomware.Petrwrap/027cc450ef5f8c5f653329641ec1fed9.dll
Resource
win7-20231129-en
Behavioral task
behavioral14
Sample
Documents/Ransomware.Petrwrap/Ransomware.Petrwrap/027cc450ef5f8c5f653329641ec1fed9.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju.dll
Resource
win7-20240611-en
Behavioral task
behavioral16
Sample
027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
ee29b9c01318a1e23836b949942db14d4811246fdae2f41df9f0dcd922c63bc6.js
Resource
win7-20240508-en
Behavioral task
behavioral18
Sample
ee29b9c01318a1e23836b949942db14d4811246fdae2f41df9f0dcd922c63bc6.js
Resource
win10v2004-20240611-en
Behavioral task
behavioral19
Sample
fe2e5d0543b4c8769e401ec216d78a5a3547dfd426fd47e097df04a5f7d6d206_OFkNP1kKL9.rtf
Resource
win7-20240611-en
Behavioral task
behavioral20
Sample
fe2e5d0543b4c8769e401ec216d78a5a3547dfd426fd47e097df04a5f7d6d206_OFkNP1kKL9.rtf
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
Documents/Ransomware.Petrwrap/Ransomware.Petrwrap/myguy.hta
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
Documents/Ransomware.Petrwrap/Ransomware.Petrwrap/myguy.hta
Resource
win10v2004-20240611-en
Behavioral task
behavioral23
Sample
Documents/Ransomware.Petrwrap/Ransomware.Petrwrap/svchost.exe
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
Documents/Ransomware.Petrwrap/Ransomware.Petrwrap/svchost.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral25
Sample
Documents/Ransomware.Petya/Ransomware.Petya/26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739.exe
Resource
win7-20240508-en
Behavioral task
behavioral26
Sample
Documents/Ransomware.Petya/Ransomware.Petya/26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral27
Sample
Documents/Ransomware.Petya/Ransomware.Petya/4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c.exe
Resource
win7-20240611-en
Behavioral task
behavioral28
Sample
Documents/Ransomware.Petya/Ransomware.Petya/4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral29
Sample
Documents/Ransomware.Radamant/Ransomware.Radamant/DUMP_00A10000-00A1D000.exe
Resource
win7-20240508-en
Behavioral task
behavioral30
Sample
Documents/Ransomware.Radamant/Ransomware.Radamant/DUMP_00A10000-00A1D000.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral31
Sample
Supplementary Agreement 26_01_2016.scr
Resource
win7-20240508-en
Behavioral task
behavioral32
Sample
Supplementary Agreement 26_01_2016.scr
Resource
win10v2004-20240508-en
General
-
Target
bc41543926dda3762ae39e35aba7a813_JaffaCakes118
-
Size
13.8MB
-
MD5
bc41543926dda3762ae39e35aba7a813
-
SHA1
81bf36d2c8c97901eb88133566838eba26d74138
-
SHA256
f255227fd45316c4681085f39e6da2f509af851f8cc2d2a84ea99c06b935ffe6
-
SHA512
29404267b0a85340a4b9e821aca8a37ee716532adb9626acc39941148c2e91f67022125a4db3d65468b6b564134bf9fa496252bd4d2aacda0be0fd54684c0291
-
SSDEEP
393216:LDZBIw5QnNtQs9HQYsiZfmu/GyBSye+tfLXSDOaC0zjLCrj:vlQnNSA1skfmkzdtfOi0jLA
Malware Config
Signatures
-
resource yara_rule static1/unpack001/Documents/Ransomware.Radamant/Ransomware.Radamant/DUMP_00A10000-00A1D000.exe.ViR upx -
Unsigned PE 22 IoCs
Checks for missing Authenticode signature.
resource unpack001/Documents/Ransomware.Cerber/cerber.exe unpack001/Documents/Ransomware.Cryptowall/cryptowall.exe unpack001/Documents/Ransomware.Jigsaw/jigsaw unpack001/Documents/Ransomware.Locky/Locky unpack001/Documents/Ransomware.Mamba/131.exe unpack001/Documents/Ransomware.Matsnu/Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .com_ unpack001/Documents/Ransomware.Petrwrap/Ransomware.Petrwrap/svchost.exe unpack001/Documents/Ransomware.Petya/Ransomware.Petya/26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739.exe unpack001/Documents/Ransomware.Petya/Ransomware.Petya/4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c.bin unpack001/Documents/Ransomware.Radamant/Ransomware.Radamant/DUMP_00A10000-00A1D000.exe.ViR unpack005/out.upx unpack006/Supplementary Agreement 26_01_2016.scr unpack001/Documents/Ransomware.Satana/Ransomware.Satana/683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96.bin unpack001/Documents/Ransomware.Satana/Ransomware.Satana/unpacked.mem unpack001/Documents/Ransomware.TeslaCrypt/Ransomware.TeslaCrypt/3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370 unpack001/Documents/Ransomware.TeslaCrypt/Ransomware.TeslaCrypt/51B4EF5DC9D26B7A26E214CEE90598631E2EAA67 unpack001/Documents/Ransomware.TeslaCrypt/Ransomware.TeslaCrypt/E906FA3D51E86A61741B3499145A114E9BFB7C56 unpack001/Documents/Ransomware.Vipasana/Ransomware.Vipasana/0442cfabb3212644c4b894a7e4a7e84c00fd23489cc4f96490f9988e6074b6ab unpack001/Documents/Ransomware.Vipasana/Ransomware.Vipasana/c0cf40b8830d666a24bdd4febdc162e95aa30ed968fa3675e26ad97b2e88e03a unpack001/Documents/Ransomware.Vipasana/Ransomware.Vipasana/e49778d20a2f9b1f8b00ddd24b6bcee81af381ed02cfe0a3c9ab3111cda5f573 unpack007/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe unpack001/Documents/Ransomware.WannaCry/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
Files
-
bc41543926dda3762ae39e35aba7a813_JaffaCakes118.zip
-
Documents/Ransomware.Cerber/cerber.exe.exe windows:5 windows x86 arch:x86
9d6ed8d049bc10bc45b1995cb6f7f4b6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetExitCodeProcess
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathW
GetThreadLocale
GetTickCount
GetTimeFormatW
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVolumeInformationW
GetWindowsDirectoryW
Heap32ListFirst
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
IsSystemResumeAutomatic
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
MoveFileExA
MoveFileExW
MoveFileW
MultiByteToWideChar
GetEnvironmentVariableW
QueryPerformanceCounter
QueueUserAPC
RaiseException
ReadConsoleW
ReadFile
ReadProcessMemory
RemoveDirectoryW
ScrollConsoleScreenBufferW
SearchPathW
SetConsoleCtrlHandler
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
SetConsoleTitleW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
SetLocalTime
SetSystemTime
SetThreadLocale
SetUnhandledExceptionFilter
SetVolumeLabelA
SleepEx
SwitchToThread
SystemTimeToFileTime
TerminateProcess
TransmitCommChar
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualFreeEx
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile
WritePrivateProfileSectionA
_hwrite
lstrcmpW
lstrcmpiW
lstrcpyW
lstrlenW
GetEnvironmentStringsW
GetDriveTypeW
GetDiskFreeSpaceExW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryW
GetConsoleTitleW
GetConsoleScreenBufferInfo
GetConsoleOutputCP
GetConsoleMode
GetCompressedFileSizeW
GetCommandLineW
GetCPInfo
GetBinaryTypeW
GetBinaryType
FreeLibrary
FormatMessageW
FlushFileBuffers
FlushConsoleInputBuffer
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsW
EraseTape
EnterCriticalSection
DuplicateHandle
DeleteFileW
DeleteFileA
CreateThread
CreateProcessW
CreateFileW
CreateFileA
CreateDirectoryW
CopyFileW
CopyFileA
ConvertDefaultLocale
CompareFileTime
CloseHandle
OpenProcess
AddAtomW
user32
DefWindowProcW
DrawFocusRect
CreateWindowStationA
CreateMenu
FillRect
FindWindowW
GetMenuCheckMarkDimensions
GetProcessWindowStation
GetSysColorBrush
GetThreadDesktop
GetUpdateRgn
GetUserObjectInformationW
InflateRect
InsertMenuItemW
IsIconic
LockWindowUpdate
MessageBeep
MessageBoxW
MonitorFromWindow
OffsetRect
PostMessageW
RealGetWindowClass
SendMessageW
SetUserObjectInformationW
ShowWindow
ToUnicode
WinHelpA
LoadCursorW
GetKBCodePage
DefMDIChildProcW
CloseWindowStation
gdi32
StartPage
SetMiterLimit
SetMapperFlags
SetBitmapBits
PtVisible
OffsetClipRgn
GetViewportOrgEx
GetTextFaceW
AddFontMemResourceEx
AnimatePalette
Arc
BRUSHOBJ_pvAllocRbrush
ColorMatchToTarget
CopyEnhMetaFileA
CreatePatternBrush
DescribePixelFormat
EngFreeModule
EngTextOut
EnumFontsW
FillRgn
GdiGetPageCount
GetGlyphOutlineW
GetMiterLimit
GetOutlineTextMetricsA
advapi32
RegOpenKeyW
SaferRecordEventLogEntry
SaferIdentifyLevel
SaferComputeTokenFromLevel
SaferCloseLevel
RevertToSelf
RegSetValueW
RegSetValueExW
RegQueryValueW
RegQueryValueExW
CreateProcessAsUserW
RegOpenKeyExW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
LookupAccountSidW
ImpersonateLoggedOnUser
GetSecurityDescriptorOwner
GetFileSecurityW
FreeSid
shell32
ShellExecuteExW
ShellExecuteA
ShellAboutA
SHIsFileAvailableOffline
SHGetSettings
CheckEscapesW
DragQueryFile
DragQueryFileAorW
ExtractIconExW
SHAppBarMessage
SHBrowseForFolderA
SHChangeNotify
SHCreateProcessAsUserW
SHEmptyRecycleBinA
SHFileOperationA
SHGetDataFromIDListA
SHGetDiskFreeSpaceA
SHGetMalloc
WOWShellExecute
shlwapi
StrCmpNW
StrStrIA
StrStrIW
StrCmpNA
StrChrIA
comctl32
ImageList_Create
msvcrt
_XcptFilter
__getmainargs
__initenv
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_adjust_fdiv
_c_exit
_cexit
_close
_controlfp
_dup
_dup2
_errno
_except_handler3
_exit
_get_osfhandle
_getch
_initterm
_iob
_open_osfhandle
_pclose
_pipe
_seh_longjmp_unwind
_setjmp3
_setmode
_snwprintf
_tell
_ultoa
_vsnwprintf
_wcsicmp
_wcslwr
_wcsnicmp
_wcsupr
_wpopen
_wtol
calloc
exit
fflush
fgets
fprintf
free
iswalpha
iswdigit
iswspace
iswxdigit
longjmp
malloc
memmove
printf
qsort
rand
realloc
setlocale
srand
swprintf
swscanf
time
towlower
towupper
wcscat
wcschr
wcscmp
wcscpy
wcslen
wcsncmp
wcsncpy
wcsrchr
wcsspn
wcsstr
wcstol
wcstoul
Sections
.text Size: 315KB - Virtual size: 315KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 234KB - Virtual size: 234KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 49KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Documents/Ransomware.Cryptowall/cryptowall.exe.exe windows:5 windows x86 arch:x86
edbc0337cc897a187d263d79c09c15c7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
EnableMenuItem
GetDlgItem
SendDlgItemMessageA
AppendMenuA
GetWindowLongA
wvsprintfA
SetWindowPos
FindWindowA
RedrawWindow
GetWindowTextA
EnableWindow
GetSystemMetrics
IsWindow
CheckRadioButton
UnregisterClassA
SetCursor
GetSysColorBrush
DialogBoxParamA
DestroyAcceleratorTable
DispatchMessageA
TranslateMessage
LoadIconA
EmptyClipboard
SetClipboardData
SetFocus
CharUpperA
OpenClipboard
IsDialogMessageA
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
RemoveMenu
InvalidateRect
ChildWindowFromPoint
PostMessageA
DestroyCursor
CreateDialogParamA
GetWindowRect
IsMenu
GetSubMenu
SetDlgItemInt
GetWindowPlacement
CharLowerBuffA
LoadCursorA
CheckMenuRadioItem
GetSysColor
KillTimer
DestroyIcon
DestroyWindow
PostQuitMessage
GetClientRect
MoveWindow
GetSystemMenu
SetTimer
SetWindowPlacement
InsertMenuItemA
GetMenu
CheckMenuItem
SetMenuItemInfoA
SetActiveWindow
DefDlgProcA
RegisterClassA
EndDialog
SetDlgItemTextA
EnumClipboardFormats
GetClipboardData
CloseClipboard
GetClassInfoA
CallWindowProcA
SetWindowLongA
IsDlgButtonChecked
SetWindowTextA
CheckDlgButton
GetActiveWindow
MessageBoxA
wsprintfA
GetDlgItemTextA
SendMessageA
GetCursorPos
TrackPopupMenu
ClientToScreen
DestroyMenu
CreatePopupMenu
comdlg32
GetSaveFileNameA
GetOpenFileNameA
advapi32
RegSetValueA
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegCloseKey
RegCreateKeyA
RegDeleteKeyA
GetUserNameA
dbghelp
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
comctl32
ImageList_Destroy
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Remove
CreateToolbarEx
ImageList_SetBkColor
ImageList_Create
kernel32
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapFree
VirtualFree
HeapCreate
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
EnterCriticalSection
HeapSize
LeaveCriticalSection
DeleteCriticalSection
GetLocaleInfoA
WriteFile
InterlockedDecrement
GetLastError
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
ExitProcess
GetProcAddress
Sleep
GetModuleHandleW
GlobalCompact
SetProcessWorkingSetSize
EncodePointer
OpenProcess
GlobalUnWire
GetStdHandle
IsWow64Process
GetProcessHandleCount
GetProcessHeap
FlushFileBuffers
PulseEvent
GetVersion
RtlUnwind
HeapAlloc
VirtualAlloc
HeapReAlloc
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetCommandLineA
GetProcessId
LockResource
GlobalDeleteAtom
LCMapStringA
LCMapStringW
GetModuleFileNameA
SetProcessPriorityBoost
GlobalUnfix
RequestWakeupLatency
IsProcessInJob
GetThreadTimes
GetProcessTimes
PeekNamedPipe
Sections
.text Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 104KB - Virtual size: 51.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 90KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Documents/Ransomware.Jigsaw/jigsaw.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
!mmUPp Size: 209KB - Virtual size: 208KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 70KB - Virtual size: 70KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
-
Documents/Ransomware.Locky/Locky.exe windows:4 windows x86 arch:x86
0fcea3af550ad0a893e93808dccf17f4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
GetSecurityDescriptorDacl
RegisterEventSourceA
RegQueryInfoKeyA
GetSidSubAuthorityCount
RegSetValueExA
RegDeleteKeyA
GetKernelObjectSecurity
RegCloseKey
RegQueryValueA
RegLoadKeyA
GetSidSubAuthority
RegConnectRegistryA
LookupPrivilegeValueA
InitiateSystemShutdownA
CreateProcessAsUserA
GetSidIdentifierAuthority
OpenThreadToken
LsaQueryInformationPolicy
RegQueryValueW
EncryptFileW
RegSetValueW
MakeAbsoluteSD
RegOpenKeyExA
RegCreateKeyExW
AddAce
SetNamedSecurityInfoW
OpenEventLogW
GetUserNameW
SetSecurityDescriptorSacl
MakeSelfRelativeSD
RegFlushKey
InitializeSecurityDescriptor
InitializeAcl
SetEntriesInAclA
GetSidLengthRequired
RegSetValueA
SetEntriesInAclW
GetAclInformation
user32
DrawIconEx
IsDialogMessageA
OffsetRect
PostThreadMessageW
DialogBoxParamA
GetLastActivePopup
GetGUIThreadInfo
DrawStateA
IsWindow
OpenClipboard
InSendMessage
FindWindowW
IsMenu
EnumDisplaySettingsA
DrawAnimatedRects
FrameRect
SetMenuDefaultItem
GrayStringW
CreateDialogIndirectParamW
ClientToScreen
GetParent
TranslateMDISysAccel
CreateDesktopW
ShowCaret
GetProcessWindowStation
TrackPopupMenu
IntersectRect
DialogBoxIndirectParamA
DefWindowProcA
ReuseDDElParam
NotifyWinEvent
SetClipboardData
CloseClipboard
DdeDisconnect
GetClassNameA
GetCaretPos
CharLowerW
GetWindowModuleFileNameA
IsWindowVisible
wvsprintfA
ModifyMenuA
SendDlgItemMessageW
SetCaretBlinkTime
LoadMenuW
GetMenuState
DrawTextExA
ChangeDisplaySettingsW
CreateWindowExW
GetCapture
CreatePopupMenu
SetMenu
CharUpperBuffW
DrawStateW
LoadImageA
GetScrollPos
GetDlgItem
GetClipboardFormatNameW
ValidateRgn
GetWindowThreadProcessId
GetClassInfoExW
DdeAccessData
ShowWindow
GetKeyboardLayout
GetClassInfoW
SetCaretPos
LoadCursorA
FillRect
LoadMenuA
mouse_event
ModifyMenuW
InvalidateRgn
GetMenuItemID
IsIconic
OemToCharA
LoadCursorFromFileW
RegisterWindowMessageA
DispatchMessageW
GetCursorPos
CharPrevA
GetWindowWord
imm32
ImmGetProperty
ImmGetCandidateListCountA
ImmGetCompositionStringA
ImmSetConversionStatus
ImmSetOpenStatus
ImmCreateContext
ImmGetOpenStatus
ImmNotifyIME
ImmInstallIMEA
ImmGetContext
ImmDestroyContext
ImmSimulateHotKey
ImmConfigureIMEA
ImmAssociateContext
rasapi32
RasDialA
RasGetProjectionInfoA
kernel32
WriteFileGather
PulseEvent
GetLongPathNameA
Sections
.text Size: 48KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 3.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 104KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Documents/Ransomware.Mamba/131.exe.exe windows:5 windows x86 arch:x86
dd8fd079a980cb9227eb869f7da9b258
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
shlwapi
PathFileExistsW
PathFileExistsA
kernel32
Sleep
SizeofResource
GetConsoleWindow
GetVersionExW
GetModuleFileNameW
CreateFileW
MultiByteToWideChar
GetLastError
GetProcAddress
GetSystemDirectoryW
CreateEventW
GetModuleFileNameA
GetModuleHandleA
CloseHandle
CreateThread
CreateProcessA
GetExitCodeProcess
WriteConsoleW
WriteFile
GetModuleHandleW
SetEvent
WaitForSingleObject
CreateDirectoryW
GetCurrentProcess
LoadResource
FindResourceW
GetNativeSystemInfo
GetCommandLineW
GetFileAttributesExW
SetEnvironmentVariableA
LockResource
GetModuleHandleExW
SetStdHandle
ReadConsoleW
LoadLibraryW
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
GetStringTypeW
HeapFree
HeapAlloc
ExitProcess
SetEndOfFile
AreFileApisANSI
GetCommandLineA
RaiseException
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsDebuggerPresent
GetStdHandle
GetFileType
GetProcessHeap
ReadFile
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointer
HeapReAlloc
OutputDebugStringW
user32
ExitWindowsEx
ShowWindow
advapi32
RegisterServiceCtrlHandlerW
RevertToSelf
SetServiceStatus
ImpersonateLoggedOnUser
ChangeServiceConfig2W
LookupPrivilegeValueW
CreateProcessAsUserW
LogonUserW
StartServiceCtrlDispatcherW
OpenSCManagerW
OpenProcessToken
CreateServiceW
AdjustTokenPrivileges
shell32
ShellExecuteW
ShellExecuteA
Sections
.text Size: 120KB - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Documents/Ransomware.Matsnu/Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .com_.exe windows:5 windows x86 arch:x86
bd52eaa585e8f1c2fba85e8df7a2e191
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
LookupPrivilegeDisplayNameW
gdi32
AbortPath
AbortDoc
dbghelp
SymLoadModule64
FindFileInSearchPath
SymGetLineFromAddr64
SymGetSymFromAddr64
clusapi
FailClusterResource
GetClusterFromNetwork
ClusterRegEnumKey
ClusterGroupGetEnumCount
RestoreClusterDatabase
GetClusterNodeId
ClusterRegDeleteValue
CloseClusterResource
ClusterOpenEnum
kernel32
HeapSize
GetLastError
MoveFileA
GetCommandLineA
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
HeapFree
GetFileAttributesA
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
DeleteCriticalSection
GetProcAddress
GetModuleHandleW
ExitProcess
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
GetExitCodeProcess
WaitForSingleObject
CloseHandle
CreateProcessA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
WriteConsoleW
MultiByteToWideChar
SetFilePointer
LoadLibraryW
IsProcessorFeaturePresent
HeapAlloc
HeapReAlloc
CompareStringW
SetEnvironmentVariableA
FlushFileBuffers
LCMapStringW
GetStringTypeW
CreateFileW
Sections
.text Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Documents/Ransomware.Petrwrap/Ransomware.Petrwrap/027cc450ef5f8c5f653329641ec1fed9.exe.dll windows:5 windows x86 arch:x86
52dd60b5f3c9e2f17c2e303e8c8d4eab
Code Sign
2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before22-08-2007 22:31Not After25-08-2012 07:00SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:01:cf:3e:00:00:00:00:00:0fCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before07-12-2009 22:40Not After07-03-2011 22:40SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before16-09-2006 01:04Not After15-09-2019 07:00SubjectCN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:05:a2:30:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before25-07-2008 19:01Not After25-07-2013 19:11SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
3b:65:0e:49:c6:e9:34:29:f5:80:58:4e:cc:af:af:dd:dd:e9:ce:e5Signer
Actual PE Digest3b:65:0e:49:c6:e9:34:29:f5:80:58:4e:cc:af:af:dd:dd:e9:ce:e5Digest Algorithmsha1PE Digest MatchesfalseHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
ConnectNamedPipe
GetModuleHandleW
CreateNamedPipeW
TerminateThread
DisconnectNamedPipe
FlushFileBuffers
GetTempPathW
GetProcAddress
DeleteFileW
FreeLibrary
GlobalAlloc
LoadLibraryW
GetComputerNameExW
GlobalFree
ExitProcess
GetVersionExW
GetModuleFileNameW
DisableThreadLibraryCalls
ResumeThread
GetEnvironmentVariableW
GetFileSize
SetFilePointer
SetLastError
LoadResource
GetCurrentThread
OpenProcess
GetSystemDirectoryW
SizeofResource
GetLocalTime
Process32FirstW
LockResource
Process32NextW
GetModuleHandleA
lstrcatW
CreateToolhelp32Snapshot
GetCurrentProcess
VirtualFree
VirtualAlloc
LoadLibraryA
VirtualProtect
WideCharToMultiByte
GetExitCodeProcess
WaitForMultipleObjects
CreateProcessW
PeekNamedPipe
GetTempFileNameW
InterlockedExchange
LeaveCriticalSection
MultiByteToWideChar
CreateFileA
GetTickCount
CreateThread
LocalFree
FindNextFileW
CreateFileMappingW
LocalAlloc
FindClose
GetFileSizeEx
CreateFileW
Sleep
FlushViewOfFile
GetLogicalDrives
WaitForSingleObject
GetDriveTypeW
UnmapViewOfFile
MapViewOfFile
FindFirstFileW
CloseHandle
DeviceIoControl
GetLastError
GetSystemDirectoryA
ReadFile
WriteFile
GetProcessHeap
InitializeCriticalSection
HeapReAlloc
GetWindowsDirectoryW
EnterCriticalSection
HeapFree
SetFilePointerEx
HeapAlloc
FindResourceW
user32
ExitWindowsEx
wsprintfA
wsprintfW
advapi32
CryptGenRandom
CryptAcquireContextA
CryptExportKey
CryptAcquireContextW
CreateProcessAsUserW
InitiateSystemShutdownExW
DuplicateTokenEx
SetTokenInformation
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
GetSidSubAuthority
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetThreadToken
CredEnumerateW
CredFree
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptDestroyKey
CryptGenKey
CryptEncrypt
CryptImportKey
CryptSetKeyParam
CryptReleaseContext
shell32
CommandLineToArgvW
SHGetFolderPathW
ole32
CoCreateGuid
CoTaskMemFree
StringFromCLSID
crypt32
CryptStringToBinaryW
CryptBinaryToStringW
CryptDecodeObjectEx
shlwapi
PathAppendW
StrToIntW
PathFindFileNameW
PathFileExistsW
StrCmpW
StrCmpIW
StrChrW
StrCatW
StrStrW
PathFindExtensionW
PathCombineW
StrStrIW
iphlpapi
GetIpNetTable
GetAdaptersInfo
ws2_32
inet_ntoa
gethostbyname
__WSAFDIsSet
ntohl
ioctlsocket
connect
inet_addr
select
recv
send
htons
closesocket
socket
WSAStartup
mpr
WNetOpenEnumW
WNetEnumResourceW
WNetCancelConnection2W
WNetAddConnection2W
WNetCloseEnum
netapi32
NetServerEnum
NetApiBufferFree
NetServerGetInfo
dhcpsapi
DhcpEnumSubnetClients
DhcpRpcFreeMemory
DhcpGetSubnetInfo
DhcpEnumSubnets
msvcrt
malloc
_itoa
free
memset
rand
memcpy
Sections
.text Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 242KB - Virtual size: 241KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Documents/Ransomware.Petrwrap/Ransomware.Petrwrap/027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju.bin.gz.gz
-
027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju.bin.dll windows:5 windows x86 arch:x86
52dd60b5f3c9e2f17c2e303e8c8d4eab
Code Sign
2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before22-08-2007 22:31Not After25-08-2012 07:00SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:01:cf:3e:00:00:00:00:00:0fCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before07-12-2009 22:40Not After07-03-2011 22:40SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before16-09-2006 01:04Not After15-09-2019 07:00SubjectCN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:05:a2:30:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before25-07-2008 19:01Not After25-07-2013 19:11SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
3b:65:0e:49:c6:e9:34:29:f5:80:58:4e:cc:af:af:dd:dd:e9:ce:e5Signer
Actual PE Digest3b:65:0e:49:c6:e9:34:29:f5:80:58:4e:cc:af:af:dd:dd:e9:ce:e5Digest Algorithmsha1PE Digest MatchesfalseHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
ConnectNamedPipe
GetModuleHandleW
CreateNamedPipeW
TerminateThread
DisconnectNamedPipe
FlushFileBuffers
GetTempPathW
GetProcAddress
DeleteFileW
FreeLibrary
GlobalAlloc
LoadLibraryW
GetComputerNameExW
GlobalFree
ExitProcess
GetVersionExW
GetModuleFileNameW
DisableThreadLibraryCalls
ResumeThread
GetEnvironmentVariableW
GetFileSize
SetFilePointer
SetLastError
LoadResource
GetCurrentThread
OpenProcess
GetSystemDirectoryW
SizeofResource
GetLocalTime
Process32FirstW
LockResource
Process32NextW
GetModuleHandleA
lstrcatW
CreateToolhelp32Snapshot
GetCurrentProcess
VirtualFree
VirtualAlloc
LoadLibraryA
VirtualProtect
WideCharToMultiByte
GetExitCodeProcess
WaitForMultipleObjects
CreateProcessW
PeekNamedPipe
GetTempFileNameW
InterlockedExchange
LeaveCriticalSection
MultiByteToWideChar
CreateFileA
GetTickCount
CreateThread
LocalFree
FindNextFileW
CreateFileMappingW
LocalAlloc
FindClose
GetFileSizeEx
CreateFileW
Sleep
FlushViewOfFile
GetLogicalDrives
WaitForSingleObject
GetDriveTypeW
UnmapViewOfFile
MapViewOfFile
FindFirstFileW
CloseHandle
DeviceIoControl
GetLastError
GetSystemDirectoryA
ReadFile
WriteFile
GetProcessHeap
InitializeCriticalSection
HeapReAlloc
GetWindowsDirectoryW
EnterCriticalSection
HeapFree
SetFilePointerEx
HeapAlloc
FindResourceW
user32
ExitWindowsEx
wsprintfA
wsprintfW
advapi32
CryptGenRandom
CryptAcquireContextA
CryptExportKey
CryptAcquireContextW
CreateProcessAsUserW
InitiateSystemShutdownExW
DuplicateTokenEx
SetTokenInformation
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
GetSidSubAuthority
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetThreadToken
CredEnumerateW
CredFree
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptDestroyKey
CryptGenKey
CryptEncrypt
CryptImportKey
CryptSetKeyParam
CryptReleaseContext
shell32
CommandLineToArgvW
SHGetFolderPathW
ole32
CoCreateGuid
CoTaskMemFree
StringFromCLSID
crypt32
CryptStringToBinaryW
CryptBinaryToStringW
CryptDecodeObjectEx
shlwapi
PathAppendW
StrToIntW
PathFindFileNameW
PathFileExistsW
StrCmpW
StrCmpIW
StrChrW
StrCatW
StrStrW
PathFindExtensionW
PathCombineW
StrStrIW
iphlpapi
GetIpNetTable
GetAdaptersInfo
ws2_32
inet_ntoa
gethostbyname
__WSAFDIsSet
ntohl
ioctlsocket
connect
inet_addr
select
recv
send
htons
closesocket
socket
WSAStartup
mpr
WNetOpenEnumW
WNetEnumResourceW
WNetCancelConnection2W
WNetAddConnection2W
WNetCloseEnum
netapi32
NetServerEnum
NetApiBufferFree
NetServerGetInfo
dhcpsapi
DhcpEnumSubnetClients
DhcpRpcFreeMemory
DhcpGetSubnetInfo
DhcpEnumSubnets
msvcrt
malloc
_itoa
free
memset
rand
memcpy
Sections
.text Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 242KB - Virtual size: 241KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Documents/Ransomware.Petrwrap/Ransomware.Petrwrap/ee29b9c01318a1e23836b949942db14d4811246fdae2f41df9f0dcd922c63bc6.bin.gz.gz
-
ee29b9c01318a1e23836b949942db14d4811246fdae2f41df9f0dcd922c63bc6.bin.js
-
Documents/Ransomware.Petrwrap/Ransomware.Petrwrap/fe2e5d0543b4c8769e401ec216d78a5a3547dfd426fd47e097df04a5f7d6d206_OFkNP1kKL9.bin.gz.gz
-
fe2e5d0543b4c8769e401ec216d78a5a3547dfd426fd47e097df04a5f7d6d206_OFkNP1kKL9.bin.rtf
-
Documents/Ransomware.Petrwrap/Ransomware.Petrwrap/myguy.hta.js
-
Documents/Ransomware.Petrwrap/Ransomware.Petrwrap/svchost.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 587KB - Virtual size: 587KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 115KB - Virtual size: 115KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Documents/Ransomware.Petya/Ransomware.Petya/26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739.exe.exe windows:5 windows x86 arch:x86
1a63922d5931d1bb8ca5188313f78eaa
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
GoogleCrashHandler_unsigned.pdb
Imports
kernel32
GetCurrentThreadId
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateEventW
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
CreateSemaphoreW
FreeLibrary
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlUnwind
LCMapStringW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
CloseHandle
CreateFileW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
LocalFree
CreateDirectoryW
DeleteFileW
GetCurrentThread
WaitForMultipleObjects
LoadLibraryW
WaitForSingleObject
GetExitCodeProcess
DuplicateHandle
ReleaseMutex
GetEnvironmentVariableW
lstrcmpiW
VirtualQuery
GetTempPathW
GetLocalTime
OutputDebugStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcmpW
lstrlenW
SetFilePointer
CreateMutexW
InitializeCriticalSection
TryEnterCriticalSection
SetEvent
ResetEvent
GetFileAttributesExW
SetLastError
VerifyVersionInfoW
VerSetConditionMask
MoveFileExW
GetFileTime
ReadFile
DeviceIoControl
SetProcessWorkingSetSize
OpenProcess
CreateProcessW
ReadProcessMemory
lstrcpynW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateThread
DebugActiveProcess
GetThreadContext
DebugActiveProcessStop
VirtualQueryEx
GetProcessId
GetSystemInfo
ContinueDebugEvent
WaitForDebugEvent
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
IsProcessorFeaturePresent
GetCommandLineW
EncodePointer
LeaveCriticalSection
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
RtlCaptureContext
ReleaseSemaphore
EnterCriticalSection
OutputDebugStringW
DeleteCriticalSection
DecodePointer
HeapSize
GetProcAddress
GetLastError
RaiseException
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetProcessHeap
GetModuleHandleW
HeapFree
IsDebuggerPresent
GetUserDefaultLangID
GetSystemDefaultLangID
GetComputerNameExW
GetOverlappedResult
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
UnregisterWait
GetProcessTimes
UnregisterWaitEx
RegisterWaitForSingleObject
VirtualProtect
VirtualAlloc
HeapAlloc
RemoveDirectoryW
HeapReAlloc
user32
SetClipboardData
EmptyClipboard
OpenClipboard
GetProcessWindowStation
CloseDesktop
CloseClipboard
CharUpperW
CharLowerW
PostThreadMessageW
DispatchMessageW
GetMessageW
PeekMessageW
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
SetThreadDesktop
CreateWindowStationW
CloseWindowStation
GetThreadDesktop
SetProcessWindowStation
CreateDesktopW
wvsprintfW
wsprintfW
MessageBoxW
advapi32
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
GetLengthSid
CopySid
IsValidSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
SetSecurityDescriptorDacl
AddAce
InitializeAcl
GetAclInformation
InitializeSecurityDescriptor
MakeAbsoluteSD
OpenProcessToken
GetTokenInformation
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetAce
MakeSelfRelativeSD
GetSecurityDescriptorLength
EqualSid
SetNamedSecurityInfoW
ConvertStringSidToSidW
OpenThreadToken
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
ConvertSidToStringSidW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
SetSecurityDescriptorSacl
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
SetTokenInformation
ole32
CoCreateGuid
StringFromGUID2
shell32
SHGetFolderPathW
netapi32
NetApiBufferFree
NetWkstaGetInfo
rpcrt4
UuidCreate
shlwapi
PathRemoveExtensionW
PathRemoveFileSpecW
PathStripPathW
PathCanonicalizeW
PathIsRelativeW
SHQueryValueExW
PathAppendW
userenv
UnloadUserProfile
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
Sections
.text Size: 156KB - Virtual size: 155KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Documents/Ransomware.Petya/Ransomware.Petya/4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c.bin.exe windows:5 windows x86 arch:x86
bf084102e13441ce39f8d51d9bf55857
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ole32
IIDFromString
StringFromGUID2
OleUninitialize
OleInitialize
OleRun
OleSetContainedObject
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoTaskMemRealloc
CoUninitialize
CoCreateInstance
shell32
SHGetFolderPathW
FindExecutableA
Shell_NotifyIconA
SHGetFolderPathA
ShellExecuteExA
wininet
InternetTimeFromSystemTime
InternetTimeToSystemTime
InternetCrackUrlA
HttpQueryInfoA
InternetConnectA
InternetReadFile
HttpOpenRequestA
InternetGetConnectedState
InternetErrorDlg
HttpSendRequestA
InternetOpenA
InternetCloseHandle
user32
IsChild
SetFocus
SetRect
GetWindowThreadProcessId
RegisterClassExA
GetFocus
GetAncestor
GetSystemMenu
GetWindowRect
GetParent
GetClientRect
SendMessageA
GetClassInfoExW
GetDC
TranslateMessage
RegisterClassExW
GetWindowLongW
ReleaseDC
EnableMenuItem
SetWindowLongW
GetDesktopWindow
SetWindowPos
CreateWindowExW
AdjustWindowRectEx
LoadCursorA
SetWindowLongA
GetWindowLongA
CreateWindowExA
MessageBoxA
CharNextA
DispatchMessageW
RegisterClassA
LoadImageA
GetSystemMetrics
DispatchMessageA
PostMessageA
AppendMenuA
CreatePopupMenu
ShowWindow
MsgWaitForMultipleObjectsEx
GetCursorPos
DefWindowProcA
IsWindowUnicode
SetWindowTextW
DefWindowProcW
wsprintfA
LoadStringA
DestroyWindow
GetMessageA
GetMessageW
PostQuitMessage
TrackPopupMenu
SetForegroundWindow
PeekMessageA
comctl32
InitCommonControlsEx
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
VerQueryValueA
kernel32
GetStdHandle
WriteConsoleW
GetConsoleMode
GetConsoleCP
GetFileType
GetStartupInfoW
HeapSetInformation
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualAlloc
GetModuleFileNameW
HeapAlloc
HeapFree
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileExW
SetStdHandle
HeapReAlloc
GetCPInfo
RtlUnwind
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ExitThread
CreateDirectoryW
VirtualProtect
GetFullPathNameW
HeapCreate
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
HeapSize
GetLocaleInfoW
SetHandleCount
GetTimeZoneInformation
SetFilePointer
FlushFileBuffers
IsDebuggerPresent
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
lstrcmpA
GetModuleHandleA
FindResourceA
lstrlenA
GetModuleHandleExA
FreeLibrary
LoadResource
SetEndOfFile
InterlockedDecrement
GetCommandLineA
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
SizeofResource
SetDllDirectoryA
IsDBCSLeadByte
MultiByteToWideChar
lstrlenW
RaiseException
GetLastError
lstrcmpiA
GetProcAddress
GetModuleFileNameA
LoadLibraryExA
CreateMutexA
DeleteCriticalSection
CloseHandle
WaitForSingleObject
FormatMessageA
GetExitCodeProcess
LocalFree
DeleteFileA
SetEvent
CreateEventA
lstrcatA
ResetEvent
WaitForMultipleObjects
CreateThread
lstrcpyA
lstrcpynA
CreateFileA
WriteFile
Sleep
ReadFile
OpenEventA
GetSystemTime
GetCurrentProcess
GetTickCount
GetCurrentProcessId
GetTempPathA
SystemTimeToFileTime
FileTimeToSystemTime
MulDiv
InterlockedExchange
InterlockedExchangeAdd
LocalAlloc
GetCurrentThreadId
FormatMessageW
GetLocalTime
ExitProcess
GetLocaleInfoA
GetWindowsDirectoryA
OpenProcess
TerminateProcess
GetSystemDirectoryA
FindFirstFileA
FindClose
LoadLibraryA
LockResource
GetNativeSystemInfo
PeekNamedPipe
SetHandleInformation
CreateProcessA
CreateDirectoryA
GetProcessHeap
CreatePipe
GetSystemDefaultUILanguage
GetThreadLocale
GetUserDefaultUILanguage
MoveFileExA
GetFileAttributesA
FindNextFileA
OpenThread
GetExitCodeThread
GetModuleHandleExW
LoadLibraryW
LoadLibraryExW
ReleaseMutex
QueryPerformanceCounter
QueryPerformanceFrequency
CreateFileW
SetFilePointerEx
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedCompareExchange
GetStringTypeW
EncodePointer
DecodePointer
GetCurrentDirectoryW
GetFileInformationByHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
CompareStringW
SetEnvironmentVariableA
InterlockedIncrement
RemoveDirectoryA
advapi32
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryInfoKeyW
RegSetValueExA
CryptGetHashParam
RegQueryInfoKeyA
GetTokenInformation
CopySid
GetWindowsAccountDomainSid
CreateWellKnownSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
RegQueryValueExA
CryptReleaseContext
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptHashData
RegEnumKeyA
OpenProcessToken
oleaut32
SysFreeString
VarUI4FromStr
VariantClear
SysAllocString
VariantCopy
VariantInit
VariantChangeType
GetErrorInfo
SysStringByteLen
shlwapi
ord12
gdi32
GetStockObject
GetDeviceCaps
wintrust
WinVerifyTrust
crypt32
CryptMsgClose
CryptQueryObject
CertGetNameStringW
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptStringToBinaryA
CryptBinaryToStringA
CryptProtectData
CryptUnprotectData
msi
ord141
ord168
ord160
ord158
ord115
ord159
ord117
ord8
ord44
ord204
ord189
ord67
ord31
ord137
ord91
Sections
.text Size: 447KB - Virtual size: 446KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 138KB - Virtual size: 137KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 146KB - Virtual size: 145KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Documents/Ransomware.Radamant/Ransomware.Radamant/DUMP_00A10000-00A1D000.exe.ViR.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Sections
UPX0 Size: - Virtual size: 76KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 14KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Sections
.text Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 736B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 23KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 860B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Documents/Ransomware.Radamant/Ransomware.Radamant/Supplementary Agreement 26_01_2016.zip.ViR.zip
-
Supplementary Agreement 26_01_2016.scr.exe windows:5 windows x86 arch:x86
67ef42078ff0fa6e633d4e8d0e87faba
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
J:\Krypton_15.0_SR\Bin\StubNew.pdb
Imports
kernel32
GetProcAddress
LoadLibraryA
LocalAlloc
GetExitCodeThread
LocalFree
RtlZeroMemory
CreateThread
lstrcpyA
SwitchToThread
WaitForSingleObject
OutputDebugStringW
ExitProcess
LoadLibraryW
user32
OpenClipboard
GetActiveWindow
MessageBoxA
advapi32
RegCreateKeyExA
SetEntriesInAclA
RegCloseKey
FreeSid
AllocateAndInitializeSid
AbortSystemShutdownA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteKeyA
winmm
mciSendStringA
mciGetErrorStringA
userenv
GetDefaultUserProfileDirectoryW
winspool.drv
ClosePrinter
OpenPrinterA
EndDocPrinter
ord201
StartDocPrinterA
EndPagePrinter
WritePrinter
StartPagePrinter
Sections
.text Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Documents/Ransomware.Rex/WTEpZSFwgb.elf linux x86
-
Documents/Ransomware.Satana/Ransomware.Satana/683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96.bin.exe windows:5 windows x86 arch:x86
a3bc0305643e7601d6deca72652f4ab5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
vsprintf
memmove
NtYieldExecution
strchr
strncpy
_stricmp
memset
kernel32
GetLocalTime
OutputDebugStringA
user32
MessageBoxA
opengl32
glEnd
glEnable
glLineWidth
glPolygonMode
glColor3d
glBegin
glDisable
glClear
glPointSize
glLineStipple
glVertex3d
Sections
.text Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 38KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 930B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Documents/Ransomware.Satana/Ransomware.Satana/unpacked.mem.exe windows:5 windows x86 arch:x86
d99e35e9d4559cb6df0e1eb507b928cc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
RtlGetNtVersionNumbers
strrchr
wcsncmp
wcstombs
_vsnwprintf
wcsstr
wcsrchr
NtQueryInformationProcess
RtlGetCurrentPeb
NtYieldExecution
vsprintf
mbstowcs
sprintf
_stricmp
_chkstk
memset
memcpy
_allrem
RtlUnwind
msvcrt
??3@YAXPAX@Z
free
??2@YAPAXI@Z
malloc
kernel32
GetTempPathW
SwitchToThread
ExpandEnvironmentStringsW
CreateThread
DeleteFileA
SetFileAttributesW
ResumeThread
WriteProcessMemory
LocalFree
DeleteFileW
GetWindowsDirectoryW
CloseHandle
GetFullPathNameW
ExitProcess
GetCommandLineW
GetComputerNameA
CreateFileA
GetFileSize
SetPriorityClass
FindFirstFileW
SetFilePointer
GetLocaleInfoA
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
FreeLibrary
HeapAlloc
SetUnhandledExceptionFilter
InterlockedIncrement
MoveFileExW
InterlockedDecrement
GetCurrentProcess
GetLogicalDriveStringsW
HeapFree
WaitForSingleObject
GetSystemDefaultLCID
OutputDebugStringW
GetTickCount
GetProcessHeap
FormatMessageA
WriteFile
InitializeCriticalSection
GetSystemDirectoryW
Sleep
CopyFileW
LeaveCriticalSection
HeapCreate
CreateProcessA
ReadFile
CreateFileW
SetThreadPriority
FlushFileBuffers
OutputDebugStringA
GetFileSizeEx
GetLastError
GetProcAddress
QueueUserAPC
MoveFileW
EnterCriticalSection
VirtualAllocEx
FindClose
GetLocalTime
LoadLibraryA
CreateFileMappingA
LocalAlloc
DeviceIoControl
WaitForMultipleObjects
GetModuleFileNameA
GetModuleHandleA
FindNextFileW
GetShortPathNameW
mpr
WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
ws2_32
WSAStartup
connect
send
gethostbyname
closesocket
socket
htons
user32
MessageBoxA
wsprintfW
advapi32
GetUserNameA
RegSetValueExW
RegCloseKey
GetCurrentHwProfileW
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
shell32
CommandLineToArgvW
Sections
.text Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Documents/Ransomware.TeslaCrypt/Ransomware.TeslaCrypt/3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370.exe windows:4 windows x86 arch:x86
41bde7e296ed20c37e477bd256a1b6dc
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathFindFileNameW
psapi
EnumProcesses
GetProcessImageFileNameW
msimg32
GradientFill
kernel32
GetLogicalDriveStringsW
CreateProcessA
CreateThread
GetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
LocalFree
LocalAlloc
GetCurrentProcess
SetLastError
GetEnvironmentVariableW
lstrcatW
lstrcpyW
GetShortPathNameW
GetModuleFileNameW
lstrlenW
Sleep
TerminateProcess
OpenProcess
GetCurrentProcessId
GetModuleHandleW
CreateProcessW
CopyFileW
GetFullPathNameW
LoadLibraryW
AllocConsole
GetVersionExW
CreateMutexW
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GlobalMemoryStatus
FreeLibrary
GetProcAddress
GetDriveTypeW
GetStringTypeW
GetStringTypeA
HeapSize
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
InitializeCriticalSection
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetFileType
SetHandleCount
FlushFileBuffers
MultiByteToWideChar
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
TlsFree
TlsSetValue
ExitThread
FindFirstFileW
FindNextFileW
FindClose
DeleteFileW
CreateFileW
GetFileSize
CloseHandle
ReadFile
SetFilePointer
WriteFile
MoveFileW
GetSystemTimeAsFileTime
GetLocalTime
CreateFileA
SetEndOfFile
GetLocaleInfoA
TlsAlloc
TlsGetValue
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
GetModuleFileNameA
GetStdHandle
ExitProcess
GetModuleHandleA
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoW
HeapFree
HeapAlloc
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
GetProcessHeap
user32
CloseClipboard
PostMessageW
SetClipboardData
EmptyClipboard
LoadCursorW
GetMessageW
TranslateMessage
DispatchMessageW
RegisterClassExW
ShowWindow
PostQuitMessage
EnableWindow
DefWindowProcW
UpdateWindow
SendMessageW
PtInRect
SetCursor
DrawIconEx
OpenClipboard
EnableMenuItem
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
DialogBoxIndirectParamW
BeginPaint
EndPaint
DestroyWindow
EndDialog
GetWindowTextA
MessageBoxW
CreateWindowExW
GetDC
ReleaseDC
SystemParametersInfoW
GetClientRect
DrawTextW
GetSystemMenu
gdi32
RoundRect
GetDIBits
CreateCompatibleDC
SetBkMode
SetTextColor
DeleteDC
CreateFontW
SelectObject
GetStockObject
DeleteObject
CreateCompatibleBitmap
advapi32
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
OpenProcessToken
GetTokenInformation
GetSidSubAuthority
shell32
SHGetFolderPathW
ShellExecuteW
ShellExecuteA
ShellExecuteExW
ole32
CoInitializeEx
CoCreateInstance
wininet
InternetCloseHandle
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetSetCookieW
InternetOpenA
Sections
.text Size: 216KB - Virtual size: 214KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 852B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Documents/Ransomware.TeslaCrypt/Ransomware.TeslaCrypt/51B4EF5DC9D26B7A26E214CEE90598631E2EAA67.exe windows:4 windows x86 arch:x86
5656329acd9893a7babdc7ca571a6139
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
CreateProcessW
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FindResourceW
GetCommandLineA
GetCommandLineW
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetThreadContext
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LoadResource
LockResource
MultiByteToWideChar
SetUnhandledExceptionFilter
SizeofResource
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte
msvcrt
_strdup
_stricoll
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_fullpath
_iob
_onexit
_setmode
abort
atexit
atoi
calloc
exit
fputc
free
fwrite
getenv
isspace
localeconv
malloc
mbstowcs
memcpy
realloc
setlocale
signal
sprintf
strchr
strcoll
strlen
tolower
vfprintf
wcslen
wcstombs
shell32
CommandLineToArgvW
Sections
.text Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.eh_fram Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 2KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 190KB - Virtual size: 189KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Documents/Ransomware.TeslaCrypt/Ransomware.TeslaCrypt/E906FA3D51E86A61741B3499145A114E9BFB7C56.exe windows:4 windows x86 arch:x86
99bff35f43bcff8998b2001d6df68577
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
gdi32
DeleteObject
GetStockObject
kernel32
CreateProcessW
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FindResourceW
GetCommandLineA
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetStartupInfoA
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadResource
MultiByteToWideChar
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte
msvcrt
_strdup
_stricoll
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_fullpath
_iob
_onexit
_setmode
abort
atexit
atoi
calloc
exit
fputc
free
fwrite
getenv
isspace
localeconv
malloc
mbstowcs
memcpy
realloc
setlocale
signal
sprintf
strchr
strcoll
strlen
tolower
vfprintf
wcslen
wcstombs
ole32
CoInitializeEx
shell32
SHGetFolderPathA
user32
DispatchMessageA
GetMessageA
ShowWindow
TranslateMessage
UpdateWindow
Sections
.text Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
/4 Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 2KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 189KB - Virtual size: 189KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Documents/Ransomware.Vipasana/Ransomware.Vipasana/0442cfabb3212644c4b894a7e4a7e84c00fd23489cc4f96490f9988e6074b6ab.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 245KB - Virtual size: 245KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 12B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 97KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Documents/Ransomware.Vipasana/Ransomware.Vipasana/c0cf40b8830d666a24bdd4febdc162e95aa30ed968fa3675e26ad97b2e88e03a.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 245KB - Virtual size: 245KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 12B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 97KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Documents/Ransomware.Vipasana/Ransomware.Vipasana/e49778d20a2f9b1f8b00ddd24b6bcee81af381ed02cfe0a3c9ab3111cda5f573.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 245KB - Virtual size: 245KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 12B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Documents/Ransomware.WannaCry/Ransomware.WannaCry.zip.zip
Password: infected
-
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe.exe windows:4 windows x86 arch:x86
68f013d7437aa653a8a98a05807afeb1
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetFileAttributesW
GetFileSizeEx
CreateFileA
InitializeCriticalSection
DeleteCriticalSection
ReadFile
GetFileSize
WriteFile
LeaveCriticalSection
EnterCriticalSection
SetFileAttributesW
SetCurrentDirectoryW
CreateDirectoryW
GetTempPathW
GetWindowsDirectoryW
GetFileAttributesA
SizeofResource
LockResource
LoadResource
MultiByteToWideChar
Sleep
OpenMutexA
GetFullPathNameA
CopyFileA
GetModuleFileNameA
VirtualAlloc
VirtualFree
FreeLibrary
HeapAlloc
GetProcessHeap
GetModuleHandleA
SetLastError
VirtualProtect
IsBadReadPtr
HeapFree
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryA
GetStartupInfoA
SetFilePointer
SetFileTime
GetComputerNameW
GetCurrentDirectoryA
SetCurrentDirectoryA
GlobalAlloc
LoadLibraryA
GetProcAddress
GlobalFree
CreateProcessA
CloseHandle
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
FindResourceA
user32
wsprintfA
advapi32
CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
CryptReleaseContext
RegCreateKeyW
RegSetValueExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
msvcrt
realloc
fclose
fwrite
fread
fopen
sprintf
rand
srand
strcpy
memset
strlen
wcscat
wcslen
__CxxFrameHandler
??3@YAXPAX@Z
memcmp
_except_handler3
_local_unwind2
wcsrchr
swprintf
??2@YAPAXI@Z
memcpy
strcmp
strrchr
__p___argv
__p___argc
_stricmp
free
malloc
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
calloc
strcat
_mbsstr
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
Sections
.text Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Documents/Ransomware.WannaCry/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe.exe windows:4 windows x86 arch:x86
68f013d7437aa653a8a98a05807afeb1
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetFileAttributesW
GetFileSizeEx
CreateFileA
InitializeCriticalSection
DeleteCriticalSection
ReadFile
GetFileSize
WriteFile
LeaveCriticalSection
EnterCriticalSection
SetFileAttributesW
SetCurrentDirectoryW
CreateDirectoryW
GetTempPathW
GetWindowsDirectoryW
GetFileAttributesA
SizeofResource
LockResource
LoadResource
MultiByteToWideChar
Sleep
OpenMutexA
GetFullPathNameA
CopyFileA
GetModuleFileNameA
VirtualAlloc
VirtualFree
FreeLibrary
HeapAlloc
GetProcessHeap
GetModuleHandleA
SetLastError
VirtualProtect
IsBadReadPtr
HeapFree
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryA
GetStartupInfoA
SetFilePointer
SetFileTime
GetComputerNameW
GetCurrentDirectoryA
SetCurrentDirectoryA
GlobalAlloc
LoadLibraryA
GetProcAddress
GlobalFree
CreateProcessA
CloseHandle
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
FindResourceA
user32
wsprintfA
advapi32
CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
CryptReleaseContext
RegCreateKeyW
RegSetValueExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
msvcrt
realloc
fclose
fwrite
fread
fopen
sprintf
rand
srand
strcpy
memset
strlen
wcscat
wcslen
__CxxFrameHandler
??3@YAXPAX@Z
memcmp
_except_handler3
_local_unwind2
wcsrchr
swprintf
??2@YAPAXI@Z
memcpy
strcmp
strrchr
__p___argv
__p___argc
_stricmp
free
malloc
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
calloc
strcat
_mbsstr
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
Sections
.text Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ