xorist | eb9dca0881c7b5ed5b1cb7ac04b306e981df4aecdc48d3bf4411d6628f45c3d5N

General

Target

eb9dca0881c7b5ed5b1cb7ac04b306e981df4aecdc48d3bf4411d6628f45c3d5N
Size

356KB
MD5

2f28b8c035885d1833e4adda6ae11320
SHA1

ebf45964e2d688b5b0264d9d188d42cea870ca50
SHA256

eb9dca0881c7b5ed5b1cb7ac04b306e981df4aecdc48d3bf4411d6628f45c3d5
SHA512

65fe144ec445426f7ffee7cfc62c09df913d8fbd298da07c65b4cc54e4f00be2d06889e4ab2faa5c12a2161602523b098d050d7195dab7308a7b12ce1af88dee
SSDEEP

768:NrVDCW0FmBkpKjvHVVY7VDCF/PvZJGsy:Nr4WOU8sFHRJB

Score

10^/10

upx xorist

Malware Config

Signatures

Detected Xorist Ransomware 1 IoCs

resource	yara_rule
sample	family_xorist

Xorist family
xorist

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb9dca0881c7b5ed5b1cb7ac04b306e981df4aecdc48d3bf4411d6628f45c3d5N

Files

eb9dca0881c7b5ed5b1cb7ac04b306e981df4aecdc48d3bf4411d6628f45c3d5N
.exe windows:4 windows x86 arch:x86

a0deb8071c32128179c3007388714bd1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

lstrlenA
CloseHandle
CopyFileA
CreateFileA
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FreeResource
GetCommandLineA
GetEnvironmentVariableA
GetFileAttributesA
GetFileSize
GetFileTime
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetProcessHeap
GetTempPathA
GetWindowsDirectoryA
GlobalFree
HeapAlloc
LoadResource
LockResource
MoveFileA
ReadFile
RtlMoveMemory
SetErrorMode
SetFilePointer
SetFileTime
SizeofResource
WriteFile
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
RegCreateKeyExA
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
RegSetValueExA
RegDeleteKeyA
CryptAcquireContextA
RegCloseKey
CryptReleaseContext
CryptHashData
InitCommonControls
CreateFontIndirectA
ShellExecuteA
SHGetSpecialFolderPathA
PathFindFileNameA
PathFindExtensionA
PathAddBackslashA
PathMatchSpecA
RegisterClassExA
PeekMessageA
SendMessageA
LoadCursorA
GetSystemMetrics
GetMessageA
GetDlgItemTextA
EndPaint
SystemParametersInfoA
TranslateMessage
UpdateWindow
MessageBoxA
DispatchMessageA
DefWindowProcA
CreateWindowExA
BeginPaint

Sections

UPX0
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a0deb8071c32128179c3007388714bd1

Headers

File Characteristics

Imports

Sections

UPX0 Size: 152KB - Virtual size: 152KB

UPX1 Size: 8KB - Virtual size: 8KB

.rsrc Size: 192KB - Virtual size: 192KB

UPX0
Size: 152KB - Virtual size: 152KB

UPX1
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 192KB - Virtual size: 192KB