Luke Ransomware[.]exe[.]zip | Triage

Sharing

General

Target

Luke Ransomware.exe.zip
Size

314KB
MD5

be43ddcc26bf8025b5f219362c53087d
SHA1

6fe9c43fcc7106741860b99a1d22a221f7844d86
SHA256

708be4901fb804f7dcb8f9b33c296e2fb54b8cc3585167fa18e779d62e3a50be
SHA512

53d16ef64479a688dcf998c5c76d50f6ca68d476460276952bbc6444d411eac2083b785f8834bc663cfc193726a7d8e308fdae66f155afe63febad28aafd81c4
SSDEEP

6144:QO4yQWogx9rspKalfPGfgRsT5HzTtutoeb9V9w8LT0gqeGNJGZ0h7hqZqWD:QCC6MagRsT5T8FCeGqui

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Luke Ransomware.exe

Files

Luke Ransomware.exe.zip
.zip

Password: infected
Luke Ransomware.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Administrator\Desktop\Bazek Ransomware\obj\Release\Bazek Ransomware.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 417KB - Virtual size: 417KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ