2024-08-09_7a3ef4bb272bcf1ce027303e6e4b98cf_gandcrab

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-09_7a3ef4bb272bcf1ce027303e6e4b98cf_gandcrab
Size

97KB
MD5

7a3ef4bb272bcf1ce027303e6e4b98cf
SHA1

ce0e6b1b5c977d2d82a3af251350eec518a45b4b
SHA256

e43bdb77031fe3f745a0e9b4af534a08f122c5ccfa83f004ac7d57f7f782e333
SHA512

ef24078444c487e9bcd7be3cbcee58969594692da1401eeb57e4e81d1cf98e33f74f27df9f5e95c854041f5ec5ed2f54bc843036aa1cf78ada64e681d08de6ce
SSDEEP

1536:aVJ/ir+ig8tZjKhs58D6PVrKMcBaG5moelsKuC4gEz+JpFcouTc9N8:a74rg8ttNOD6P5oaZoelsOECJpbU3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-09_7a3ef4bb272bcf1ce027303e6e4b98cf_gandcrab

Files

2024-08-09_7a3ef4bb272bcf1ce027303e6e4b98cf_gandcrab
.exe windows:5 windows x86 arch:x86

6f4b4220f178bdbdbd2bcda9593fd4d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

NdrClientCall2

kernel32

GetSystemInfo
lstrcmpiW
lstrcpyA
lstrcpyW
lstrcatW
CreateMutexW
OpenMutexW
GetModuleFileNameW
GetCommandLineA
ExpandEnvironmentStringsW
GetDriveTypeA
GetSystemDirectoryW
GetWindowsDirectoryW
GetVolumeInformationW
VirtualUnlock
GetComputerNameW
MultiByteToWideChar
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetTickCount
lstrcmpiA
lstrlenA
EnterCriticalSection
LeaveCriticalSection
VirtualLock
GetProcAddress
WriteFile
CloseHandle
lstrcmpW
GetModuleHandleW
CreateFileW
MoveFileExW
WideCharToMultiByte
GetNativeSystemInfo
GetDriveTypeW
GetDiskFreeSpaceW
WaitForMultipleObjects
VerSetConditionMask
LocalAlloc
LocalFree
GetCurrentProcess
LoadLibraryA
GetModuleHandleA
VerifyVersionInfoW
GlobalAlloc
GlobalFree
MulDiv
GetTempPathW
VirtualQuery
LoadLibraryW
LoadLibraryExW
GetCurrentProcessId
Sleep
ReadFile
ConnectNamedPipe
CreateEventW
CreateNamedPipeW
GetFullPathNameW
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
GetLastError
ExitThread
CreateThread
TerminateProcess
ExitProcess
OpenProcess
GetShortPathNameW
GetProcessHeap
VirtualFree
VirtualAlloc
lstrlenW
UnlockFile
GetSystemTime

user32

FillRect
ReleaseDC
GetDC
CreateWindowStationW
DrawTextA
wsprintfA
SystemParametersInfoW
wsprintfW
SetProcessWindowStation
DrawTextW

gdi32

DeleteDC
CreateFontW
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
GetDIBits
GetPixel
GetStockObject
SelectObject
SetBkColor
SetPixel
SetTextColor
GetObjectW
CreateBitmap
GetBitmapBits
SetBitmapBits
DeleteObject

advapi32

GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
OpenProcessToken
GetUserNameW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f4b4220f178bdbdbd2bcda9593fd4d9

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

kernel32

user32

gdi32

advapi32

ole32

Sections

.text Size: 67KB - Virtual size: 67KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 21KB - Virtual size: 21KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 21KB - Virtual size: 21KB

.reloc
Size: 2KB - Virtual size: 1KB