all[.]tar[.]gz

Sharing

Copy URL Twitter E-mail

General

Target

all.tar.gz
Size

3.0MB
MD5

e18e29f99bb49dd2b4da00a0244c5bf0
SHA1

cf73b251411ecacbe165dfc270ca9ba35929b683
SHA256

64078c0f6bf5049d807b0e87b0ca4a32d08da0e0a6f94116f37b4c8c405a6548
SHA512

f6302dc4c10a61cd52bb53d9594134a3bf32e6c35204320ddf5343a80dde41d4b0a5b9febbb2ec5e744b25300d0147b97a99b0e335f88d33b97e3feeb775c768
SSDEEP

98304:KMmjtiBSTek2M7z+m7duS6cW8Q/gxmWJSt:KMm8Bw/r7hYS6c1txmn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/ransom.exe

Files

all.tar.gz
.gz
sample
.tar
ransom.exe
.exe windows:6 windows x86 arch:x86

f032b4cc0eb4f2eac3f528efe4c73962

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EndPaint
GetWindowLongW
PostMessageW
SetWindowPos
EndDialog
GetSystemMetrics
ShowWindow
OpenClipboard
GetDlgItemTextA
SetTimer
DrawTextA
CloseClipboard
EmptyClipboard
MessageBoxA
LoadBitmapW
SetClipboardData
wsprintfW
GetDlgItem
SetRect
KillTimer
SystemParametersInfoW
DialogBoxParamW
FindWindowA
LoadImageW
InvalidateRect
BeginPaint
MessageBoxW

gdi32

BitBlt
CreateFontA
SelectObject
CreateCompatibleDC
DeleteDC
SetTextColor
SetBkMode
GetObjectW
DeleteObject

shell32

SHGetFolderPathA

kernel32

GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetFileSizeEx
FreeEnvironmentStringsW
MultiByteToWideChar
LCMapStringW
CompareStringW
SetEnvironmentVariableW
GetStringTypeW
GetProcessHeap
FlushFileBuffers
WriteConsoleW
HeapSize
HeapReAlloc
WideCharToMultiByte
SetUnhandledExceptionFilter
HeapFree
GetLastError
SizeofResource
FindFirstFileW
FindNextFileW
WriteFile
WaitForMultipleObjects
GetTempPathW
FindClose
CreateFileW
GetSystemDirectoryW
FreeResource
Sleep
LockResource
GlobalAlloc
CloseHandle
CreateThread
LoadResource
FindResourceW
GlobalLock
GetModuleHandleW
GetConsoleWindow
GlobalUnlock
GetDriveTypeW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
DecodePointer
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
HeapAlloc
RaiseException
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
SetEndOfFile
SetFilePointerEx
DeleteFileW
ReadFile
GetConsoleMode
ReadConsoleW
GetFileType
GetConsoleOutputCP
ExitProcess
GetModuleHandleExW
QueryPerformanceFrequency
GetStdHandle
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
SetStdHandle

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.6MB - Virtual size: 7.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
testabc.CyberVolk_ReadMe.txt

Sharing

General

Malware Config

Signatures

Files

f032b4cc0eb4f2eac3f528efe4c73962

Headers

DLL Characteristics

File Characteristics

Imports

user32

gdi32

shell32

kernel32

Sections

.text Size: 134KB - Virtual size: 134KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 6KB - Virtual size: 23KB

.rsrc Size: 7.6MB - Virtual size: 7.6MB

.text
Size: 134KB - Virtual size: 134KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 6KB - Virtual size: 23KB

.rsrc
Size: 7.6MB - Virtual size: 7.6MB