Extracted

Extracted

• • Target

    yfga_game.exe

  • Size

    46.7MB

  • MD5

    9d846a2d794eb4614b3d0feaa6f83259

  • SHA1

    ff6d194172fa313b8921a80cecc84f470d8dc2d0

  • SHA256

    cfd64f9ed065d19f7c488db3a8e29a553c9e61849b1d08765006110d73d3434b

  • SHA512

    6a8115aa70bd1d0d0af474a2d9d5f4ad03e2fa09277a1f3f3e6063682329b1b42aeef206f4a74d2fb76cd12afe4daf0bd1571c26c7121741a782241d3d28b521

  • SSDEEP

    786432:c7Ud58tChs1g2uzRx7KPB8NUc3sXEPeEwkHYvgctIKpJZXnfsrQl92Z3tHDUOsj1:4t96L76B0HkGUvgcaKpDPBl92HHDdsGy

  Score

  10^/10

  wannacryaspackv2defense_evasiondiscoveryevasionexecutionimpactpersistenceransomwarespywarestealerupxworm

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Disables Task Manager via registry modification

    evasion

  • ASPack v2.12-2.42

    Detects executables packed with ASPack v2.12-2.42

    aspackv2

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    defense_evasion

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2behavioral3