HorrorRansom2[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

HorrorRansom2.zip
Size

5.3MB
MD5

22f6e25307fd15095ba49fd9665a1e6b
SHA1

6011de27d69edb92d4df6549d934c02ee1f44f20
SHA256

e35e00db7a42854f98bee73de3845419bd5acd17acd99cda4aad5eeb7ac1eb12
SHA512

2ad712e73ddc138a7137c2e25094a4e8e0f67f0a9699daae053e9069b080c6d07d981f58c2657f12767bfa619bfe7c07d1f1f5d55822f79fe2f943668ad9868f
SSDEEP

98304:c1fb/Dzc0/E0ZZ+kDRmO7GvjGjF+ZooKgOKdTW+pNbpBhHWeALUpYKUVxzRXOfZ+:0bvXLZTJGvijF15rKdCGLEUpjUVFRG+

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/HorrorRansom2.exe	upx
static1/unpack001/HorrorRansom2Decryptor.exe	upx
static1/unpack001/source/Bat To Exe Converter/Bat_To_Exe_Converter.exe	upx
static1/unpack001/source/decryptor/HorrorRansom2Decryptor.exe	upx

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HorrorRansom2.exe
unpack001/HorrorRansom2Decryptor.exe
unpack001/source/Bat To Exe Converter/Bat_To_Exe_Converter.exe
unpack001/source/bootdata.exe
unpack001/source/decryptor/HorrorRansom2Decryptor.exe
unpack001/source/decryptor/bootdata.exe
unpack001/source/mbr.exe

Files

HorrorRansom2.zip
.zip
HorrorRansom2.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HorrorRansom2Decryptor.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
readme.txt
source/Bat To Exe Converter/Bat_To_Exe_Converter.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 548KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 396KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
source/Bat To Exe Converter/help.chm
.chm
source/Bat To Exe Converter/settings.ini
source/HorrorRansom2.cmd
source/bootdata.exe
.exe windows:6 windows x86 arch:x86

095c46b0acc0d625f3b3e194dfc98095

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

vcruntime140

memset

api-ms-win-crt-stdio-l1-1-0

_set_fmode

api-ms-win-crt-runtime-l1-1-0

exit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.MPRESS1
Size: 6KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
source/decryptor/HorrorRansom2Decryptor.cmd
source/decryptor/HorrorRansom2Decryptor.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
source/decryptor/bootdata.exe
.exe windows:6 windows x86 arch:x86

095c46b0acc0d625f3b3e194dfc98095

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

vcruntime140

memset

api-ms-win-crt-stdio-l1-1-0

_set_fmode

api-ms-win-crt-runtime-l1-1-0

exit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.MPRESS1
Size: 6KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
source/mbr.cpp
source/mbr.exe
.exe windows:4 windows x86 arch:x86

0341b2251534bec6e436b281a0639ffe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AddAtomA
CloseHandle
CreateEventA
CreateFileA
CreateMutexA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FindAtomA
GetAtomNameA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
QueryPerformanceCounter
ReleaseMutex
ReleaseSemaphore
ResetEvent
ResumeThread
SetCriticalSectionSpinCount
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

__dllonexit
__doserrno
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_endthreadex
_errno
_fdopen
_filelengthi64
_fileno
_fileno
_fmode
_fstat64
_ftime
_initterm
_iob
_lock
_lseeki64
_onexit
_read
_setjmp3
_strnicmp
_unlock
_write
_write
abort
atoi
calloc
exit
fclose
fflush
fgetpos
fopen
fprintf
fputc
fputs
fread
free
fsetpos
fwrite
getc
getenv
getwc
isspace
iswctype
localeconv
longjmp
malloc
memchr
memcmp
memmove
printf
putc
putwc
realloc
setlocale
setvbuf
signal
sprintf
strchr
strcmp
strcoll
strerror
strftime
strncmp
strxfrm
towlower
towupper
ungetc
ungetwc
vfprintf
wcscoll
wcsftime
wcslen
wcsxfrm

ntdll

memcpy
memset
strlen

Sections

.text
Size: 512KB - Virtual size: 511KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
source/note.bmp
source/note.txt
source/wp3847521.jpg
.jpg

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 5.3MB

UPX1 Size: 2.0MB - Virtual size: 2.0MB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 40KB

UPX1 Size: 27KB - Virtual size: 28KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 548KB

UPX1 Size: 396KB - Virtual size: 400KB

.rsrc Size: 47KB - Virtual size: 48KB

095c46b0acc0d625f3b3e194dfc98095

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.MPRESS1 Size: 6KB - Virtual size: 28KB

.MPRESS2 Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 40KB

UPX1 Size: 27KB - Virtual size: 28KB

.rsrc Size: 2KB - Virtual size: 4KB

095c46b0acc0d625f3b3e194dfc98095

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.MPRESS1 Size: 6KB - Virtual size: 28KB

.MPRESS2 Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

0341b2251534bec6e436b281a0639ffe

Headers

File Characteristics

Imports

kernel32

msvcrt

ntdll

Sections

.text Size: 512KB - Virtual size: 511KB

.data Size: 25KB - Virtual size: 25KB

.rdata Size: 33KB - Virtual size: 33KB

.bss Size: - Virtual size: 3KB

.idata Size: 4KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 56B

.tls Size: 512B - Virtual size: 32B

/4 Size: 2KB - Virtual size: 1KB

/19 Size: 116KB - Virtual size: 116KB

/31 Size: 19KB - Virtual size: 19KB

/45 Size: 25KB - Virtual size: 24KB

UPX0
Size: - Virtual size: 5.3MB

UPX1
Size: 2.0MB - Virtual size: 2.0MB

.rsrc
Size: 2KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 40KB

UPX1
Size: 27KB - Virtual size: 28KB

.rsrc
Size: 2KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 548KB

UPX1
Size: 396KB - Virtual size: 400KB

.rsrc
Size: 47KB - Virtual size: 48KB

.MPRESS1
Size: 6KB - Virtual size: 28KB

.MPRESS2
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

UPX0
Size: - Virtual size: 40KB

UPX1
Size: 27KB - Virtual size: 28KB

.rsrc
Size: 2KB - Virtual size: 4KB

.MPRESS1
Size: 6KB - Virtual size: 28KB

.MPRESS2
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.text
Size: 512KB - Virtual size: 511KB

.data
Size: 25KB - Virtual size: 25KB

.rdata
Size: 33KB - Virtual size: 33KB

.bss
Size: - Virtual size: 3KB

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 32B

/4
Size: 2KB - Virtual size: 1KB

/19
Size: 116KB - Virtual size: 116KB

/31
Size: 19KB - Virtual size: 19KB

/45
Size: 25KB - Virtual size: 24KB

/57
Size: 9KB - Virtual size: 9KB

/70
Size: 1KB - Virtual size: 1KB

/81
Size: 72KB - Virtual size: 72KB

/92
Size: 3KB - Virtual size: 3KB