chaos | Chaos Ransomware Builder v4[.]zip | Triage

Sharing

General

Target

Chaos Ransomware Builder v4.zip
Size

128KB
MD5

38f77380eecaa84385b5495699520945
SHA1

cbed2eb4d5c746ac88187c4a095e743c5d9e5fde
SHA256

7e007c64fc914f026a69878c354a4efea39b51777d9c4f1a5062dd661ec60a95
SHA512

08db0e41ab9f35623ac521939d9b1a5bbdd5f2b61a8c15d44e689b62f421d3ae04db094a69dc4dfe8fadb48d8a6aa3790b22807c3b869f124312576621f25e08
SSDEEP

3072:5T40o9YIebzkHh6IzWlOeu9Ym0NmQkSuYHqy02O85zw:h4D9qkH4ueu9YNNm8j0pr

Score

10^/10

chaos

Malware Config

Signatures

Chaos Ransomware 1 IoCs

resource	yara_rule
static1/unpack001/Chaos Ransomware Builder v4.exe	family_chaos

Chaos family
chaos

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Chaos Ransomware Builder v4.exe

Files

Chaos Ransomware Builder v4.zip
.zip
Chaos Ransomware Builder v4.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\User\Desktop\builder\CustomWindowsForm\obj\Debug\Chaos Ransomware Builder v4.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 429KB - Virtual size: 429KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ