SerbRansom Builder[.]zip

General

Target

SerbRansom Builder.zip
Size

475KB
MD5

68aa3cf6d676a0f251f1984ead9201a8
SHA1

32d61d8526685e8ae85456a53a16a01be7d7ce90
SHA256

32efdb98f0ddd4e3277f3549f58bed0c154ded95ebb14e6713a7e1f4bb1a4148
SHA512

c714163b8ca48fb507683856776a7a945370c406c303112495297b8a0d78dfe12fbf14ba983c41e4524ddab522e38ba3df9cbdeb631dfaeaa318b63532612413
SSDEEP

12288:75EVR55hqkz+lzBgt12kvG951YP49HFOLY/jn7lRI:75Ej5jeEt12uG9Xl5ALY/j7Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SerbRansom/Mono.Cecil.dll
unpack001/SerbRansom/builder.exe

Files

SerbRansom Builder.zip
.zip
SerbRansom/Mono.Cecil.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\njq8\Desktop\jbevain-cecil-0.9.5-73-ga5ffcc0\jbevain-cecil-a5ffcc0\obj\net_2_0_Debug\Mono.Cecil.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 303KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SerbRansom/builder.exe
.exe .js windows:4 windows x86 arch:x86 polyglot

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\r4z0rx0r\Desktop\TOP\NOD 32 Bypass\Ransomware by Destroyer 2017\Ransomware by Destroyer 2017\obj\Debug\Ransomware by Destroyer 2017.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 350KB - Virtual size: 350KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 303KB - Virtual size: 302KB

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 350KB - Virtual size: 350KB

.sdata Size: 512B - Virtual size: 312B

.rsrc Size: 213KB - Virtual size: 212KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 303KB - Virtual size: 302KB

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 350KB - Virtual size: 350KB

.sdata
Size: 512B - Virtual size: 312B

.rsrc
Size: 213KB - Virtual size: 212KB

.reloc
Size: 512B - Virtual size: 12B