ransomware[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ransomware.zip
Size

310KB
MD5

5cb6e7afbe516e77d68a608aca14e734
SHA1

3788ce2378246f84b96d1c8cb539916ad850d457
SHA256

b2c49f07d7116a98a3f9a252d05f9fc83194b5f288b0736573858be83f6b6919
SHA512

67e44cdbf9b4770474c1ca41dda1aeac08fd55de87e147176caa2ff53ece4c7fc76299b732f0822ca5f22ea568328a983dadf7c1671393b507ef739722529f68
SSDEEP

6144:XNf8QceibNmq5/5qoiWxttoyWVFKFwnXmNKYtZJw/AANNdjth:XJ8QcvMk5eWftpBenYhLuth

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2b17ed4a6cb47f0c38e7d21aec4dc0db0df9369506faf6ba60239431c9ec677a.exe

Files

ransomware.zip
.zip

Password: infected
2b17ed4a6cb47f0c38e7d21aec4dc0db0df9369506faf6ba60239431c9ec677a.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Administrator\Desktop\Bazek Ransomware\obj\Release\Bazek Ransomware.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 417KB - Virtual size: 417KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ