NoMoreRansom[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

NoMoreRansom.zip
Size

916KB
MD5

f315e49d46914e3989a160bbcfc5de85
SHA1

99654bfeaad090d95deef3a2e9d5d021d2dc5f63
SHA256

5cbb6442c47708558da29588e0d8ef0b34c4716be4a47e7c715ea844fbcf60d7
SHA512

224747b15d0713afcb2641f8f3aa1687516d42e045d456b3ed096a42757a6c10c6626672366c9b632349cf6ffe41011724e6f4b684837de9b719d0f351dfd22e
SSDEEP

24576:+FhIdZxByAl+XiqNk6n3DaeCTLD1yilc7KrBVw1lFVFDqE/zQRsAOfySS:AhAgo2ikhryLD1hcerklFVhqEMiAuySS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/[email protected]

Files

NoMoreRansom.zip
.zip

Password: mysubsarethebest
[email protected]
.exe windows:5 windows x86 arch:x86

Password: mysubsarethebest

f4aae2cc8a2971ab9714645e85b7edb6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeSListHead
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsBadHugeReadPtr
IsDebuggerPresent
IsProcessorFeaturePresent
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LocalReAlloc
LockResource
MoveFileExA
MulDiv
MultiByteToWideChar
OpenFileMappingW
OutputDebugStringA
OutputDebugStringW
QueryDosDeviceW
QueryPerformanceCounter
RaiseException
ReadConsoleInputW
ReadConsoleW
ReadFile
InitializeCriticalSectionAndSpinCount
RtlMoveMemory
RtlUnwind
SetCalendarInfoA
SetComputerNameA
SetEvent
SetHandleCount
SetLastError
SetThreadExecutionState
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
lstrcmpA
lstrcmpW
lstrcmpiW
lstrlenA
InitializeCriticalSection
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalReAlloc
GlobalMemoryStatusEx
GlobalLock
GlobalHandle
GlobalGetAtomNameA
GlobalFree
GlobalFlags
GlobalFix
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetWindowsDirectoryW
GetVolumePathNamesForVolumeNameW
GetVersionExA
GetVersion
GetTimeZoneInformation
GetTickCount
GetTempFileNameA
GetTapePosition
GetSystemTimes
GetSystemTimeAsFileTime
GetSystemInfo
GetStdHandle
GetStartupInfoW
GetStartupInfoA
GetProcessHeap
GetProcAddress
GetPrivateProfileStringA
GetPrivateProfileIntW
GetPrivateProfileIntA
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
GetLongPathNameW
GetLocaleInfoA
GetLastError
GetFullPathNameW
GetFileType
GetFileSizeEx
GetFileSize
GetFileAttributesExW
GetEnvironmentStringsW
GetEnvironmentStrings
GetDiskFreeSpaceExW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetConsoleAliasExesLengthA
GetCommandLineW
GetCommandLineA
GetBinaryTypeA
FreeResource
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FormatMessageA
FlushFileBuffers
FindVolumeClose
FindResourceA
FindNextVolumeW
FindFirstVolumeW
FindFirstVolumeMountPointW
FindFirstFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsW
ExitProcess
EnumResourceLanguagesA
EnumDateFormatsW
EnterCriticalSection
DosDateTimeToFileTime
DeleteFileW
DeleteFileA
DeleteCriticalSection
DeleteAtom
CreateThread
CreateFileW
CreateFileA
CreateEventW
CreateEventA
CopyFileA
ConvertDefaultLocale
CompareStringW
CompareStringA
CommConfigDialogW
CloseHandle
Beep
GetModuleHandleA
RtlFillMemory
VirtualAlloc

user32

MessageBoxW
ModifyMenuA
OpenClipboard
PeekMessageA
PostMessageA
PostMessageW
PostQuitMessage
PostThreadMessageA
PostThreadMessageW
PtInRect
RedrawWindow
RegisterClassA
RegisterClassExW
RegisterClipboardFormatA
RegisterClipboardFormatW
RegisterWindowMessageA
RegisterWindowMessageW
ReleaseDC
RemovePropA
RemovePropW
SendDlgItemMessageA
SendMessageA
SendMessageCallbackA
SendMessageTimeoutW
SendMessageW
SetActiveWindow
SetCursor
SetFocus
SetForegroundWindow
SetMenuInfo
SetMenuItemBitmaps
SetPropA
SetPropW
SetRect
SetScrollInfo
SetTimer
SetWindowLongA
SetWindowLongW
SetWindowPos
SetWindowRgn
SetWindowTextA
SetWindowsHookExA
ShowWindow
SystemParametersInfoA
SystemParametersInfoW
TabbedTextOutA
TranslateMessage
UnhookWindowsHookEx
UnionRect
UnregisterClassA
UnregisterDeviceNotification
UpdateLayeredWindow
UpdateWindow
ValidateRect
WINNLSGetEnableStatus
WaitMessage
WinHelpA
keybd_event
MessageBoxA
MapWindowPoints
MapVirtualKeyW
LoadCursorW
LoadCursorA
LoadBitmapA
KillTimer
IsWindowEnabled
IsWindow
IsDialogMessageA
IsCharAlphaNumericW
InvalidateRect
InflateRect
GrayStringA
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowModuleFileNameW
GetWindowModuleFileName
GetWindowLongW
GetWindowLongA
GetWindowDC
GetWindow
GetUserObjectSecurity
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropA
GetParent
GetNextDlgTabItem
GetMonitorInfoA
GetMessageW
GetMessageTime
GetMessagePos
GetMessageA
GetMenuState
GetMenuItemID
GetMenu
GetLastActivePopup
GetKeyState
GetInputState
GetIconInfo
GetFocus
GetDlgItemTextW
GetDlgItemInt
GetDlgItem
GetCursorPos
GetComboBoxInfo
GetClientRect
GetClassNameW
GetClassNameA
GetClassLongA
GetClassInfoExW
GetClassInfoExA
GetClassInfoA
GetCapture
FrameRect
FindWindowW
FillRect
EnumWindows
EnumDesktopWindows
EndPaint
EndDialog
EnableWindow
EnableMenuItem
EmptyClipboard
DrawTextW
DrawTextExA
DrawTextA
DrawMenuBar
DrawFrameControl
DlgDirListComboBoxA
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DeregisterShellHookWindow
DefWindowProcA
DdeCmpStringHandles
CreateWindowExA
CreateDialogIndirectParamA
CopyRect
CopyImage
CloseClipboard
ClientToScreen
CheckMenuItem
CharNextA
ChangeMenuA
CallWindowProcW
CallWindowProcA
CallNextHookEx
BeginPaint
AppendMenuW
AllowSetForegroundWindow
AdjustWindowRectEx
CloseDesktop
GetCursor
GetWindowTextLengthW
PaintDesktop
GetDesktopWindow
CreatePopupMenu
GetKeyboardType
DestroyCursor
EndMenu
AnyPopup
OemKeyScan
GetTopWindow
IsCharUpperA
GetKBCodePage
GetSysColor
GetOpenClipboardWindow
GetForegroundWindow
GetDoubleClickTime
GetActiveWindow
CreateMenu
LoadIconA
IsWindowVisible
CopyIcon
GetDC
CharLowerW
IsCharLowerA
ShowCaret
IsIconic
GetMenuCheckMarkDimensions
OpenIcon
GetKeyboardLayout
GetWindowTextLengthA
ReleaseCapture
GetDlgCtrlID
CharNextW
GetDialogBaseUnits
CharUpperW
CharUpperA
LoadCursorFromFileA
GetAsyncKeyState
GetMenuItemCount

gdi32

PolyTextOutA
PtVisible
RectVisible
RemoveFontResourceExA
RestoreDC
STROBJ_bEnum
SaveDC
ScaleViewportExtEx
ScaleWindowExtEx
SelectObject
SetBkColor
PlayMetaFile
SetEnhMetaFileBits
SetICMMode
SetMapMode
SetPaletteEntries
SetRectRgn
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
TextOutA
XLATEOBJ_piVector
OffsetViewportOrgEx
GetTextFaceA
GetOutlineTextMetricsA
GetObjectA
GetGraphicsMode
GetGlyphOutlineWow
GetFontData
GetEnhMetaFilePaletteEntries
GetDeviceCaps
GetClipBox
GdiValidateHandle
GdiResetDCEMF
GdiProcessSetup
GdiInitializeLanguagePack
GdiGetLocalDC
SetDIBits
EndDoc
GdiEntry10
FrameRgn
ExtTextOutA
Escape
EqualRgn
EngStretchBltROP
EngCreateClip
EngCreateBitmap
DeleteObject
DeleteDC
CreatePalette
CreateICA
CreateFontIndirectA
CreateDIBSection
CreateBitmap
CopyMetaFileA
CLIPOBJ_ppoGetPath
AddFontMemResourceEx
RealizePalette
StrokePath
DeleteMetaFile
GetLayout
GetStretchBltMode
GetPixelFormat
AddFontResourceW
GetFontLanguageInfo
GetStockObject
UnrealizeObject
CloseEnhMetaFile
GetMapMode
AbortPath
SwapBuffers
GetEnhMetaFileW
DeleteColorSpace
SetMetaRgn
DeleteEnhMetaFile
GetSystemPaletteUse
GetTextAlign
CreateMetaFileA
AbortDoc
CancelDC
GdiFlush

advapi32

RegQueryValueExA
RegQueryValueA
RegOpenKeyExW
RegOpenKeyExA
RegOpenKeyA
RegEnumKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegOpenKeyW
RegQueryValueExW
RegSetValueExA

shell32

ShellExecuteW
ShellExecuteEx
ShellAboutW
SHQueryRecycleBinW
SHPathPrepareForWriteA
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetPathFromIDListA
SHGetPathFromIDList
SHGetFolderPathW
SHGetFolderPathA
SHGetFolderLocation
SHGetFileInfoW
SHGetFileInfo
SHGetDiskFreeSpaceExW
SHGetDiskFreeSpaceA
SHGetDesktopFolder
SHGetDataFromIDListA
SHFileOperationW
SHFileOperationA
SHEmptyRecycleBinA
SHCreateDirectoryExA
ExtractIconExW
ExtractIconA
DuplicateIcon
DragQueryFileW
DragQueryFile
DragFinish
DragAcceptFiles
DoEnvironmentSubstW
CommandLineToArgvW

ole32

OleFlushClipboard
OleInitialize
OleIsCurrentClipboard
OleUninitialize
CoSuspendClassObjects
CoRevokeClassObject
CoResumeClassObjects
CoRegisterMessageFilter
CoInitializeSecurity
CoInitializeEx
CoInitialize
CoFreeUnusedLibraries
CoCreateInstance
CoUninitialize

shlwapi

PathFindExtensionA
PathFindFileNameA
PathFindFileNameW
PathIsUNCA
PathStripToRootA
StrChrW
StrCmpNA
StrCmpNIA
StrCmpNIW

Sections

.text
Size: 980KB - Virtual size: 979KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 671KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: mysubsarethebest

Password: mysubsarethebest

f4aae2cc8a2971ab9714645e85b7edb6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 980KB - Virtual size: 979KB

.rdata Size: 248KB - Virtual size: 248KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 163KB - Virtual size: 671KB

.text
Size: 980KB - Virtual size: 979KB

.rdata
Size: 248KB - Virtual size: 248KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 163KB - Virtual size: 671KB