e120d531b7da357b8c9fe4172a3b53c2e6eddfcc701a76cbce8a7a09b63b538c[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

e120d531b7da357b8c9fe4172a3b53c2e6eddfcc701a76cbce8a7a09b63b538c.exe
Size

147KB
MD5

3dfa97751d9b74984c353be2f1da5508
SHA1

3ab278f6f4ae48b8616f55c4b445ce2349b03a68
SHA256

e120d531b7da357b8c9fe4172a3b53c2e6eddfcc701a76cbce8a7a09b63b538c
SHA512

a9f70ac6018e37918f0b211c05b2c98e7bdbfa0bf782edd8ce9ed7fb8c8bd1c3deb094e0e5a19fe14a044023824d52daed8d556e8331ed7b4fe205453cf05204
SSDEEP

3072:xSOCPeTzv5sKdp1gsvtj/tvF1BpVM2P4sFVGcMsBPFJWVxOemEBgACOUX:xSO3zv5fpm2h3BpO2lVDMsLL8UX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e120d531b7da357b8c9fe4172a3b53c2e6eddfcc701a76cbce8a7a09b63b538c.exe

Files

e120d531b7da357b8c9fe4172a3b53c2e6eddfcc701a76cbce8a7a09b63b538c.exe
.exe windows:6 windows x86 arch:x86

4c4c7112ff5e1d8c87ccbd4b380fb26d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\Debug Ransomware\Release\Crypter.pdb

Imports

kernel32

WaitForMultipleObjects
SetThreadPriority
GetQueuedCompletionStatus
lstrlenA
FindClose
PostQueuedCompletionStatus
SetFileAttributesW
GetCurrentThread
GetSystemInfo
LoadLibraryW
CreateThread
SetVolumeMountPointW
SetFilePointerEx
LocalFree
MoveFileExW
FindVolumeClose
FindNextFileW
ReleaseMutex
GetVolumePathNamesForVolumeNameW
FindNextVolumeW
CreateIoCompletionPort
GetDriveTypeW
HeapCreate
HeapFree
HeapSize
HeapAlloc
GetProcessHeap
DecodePointer
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
FindFirstVolumeW
GetFileSizeEx
FindFirstFileW
GetLogicalDrives
GetTickCount
GetModuleHandleW
ExitProcess
GetProcAddress
GetNativeSystemInfo
GetLastError
Sleep
GetCurrentProcessId
OpenProcess
WaitForSingleObject
CreateMutexW
SetProcessShutdownParameters
TerminateProcess
GetCurrentProcess
SetPriorityClass
ReadFile
DeleteCriticalSection
GetLocalTime
CloseHandle
GetCommandLineW
lstrcatW
CreateFileW
SetFilePointer
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
WriteFile
EnterCriticalSection
lstrcmpiW
lstrcpyW
lstrlenW
SetThreadExecutionState
LCMapStringW
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetFileType
GetModuleHandleExW
GetStdHandle
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
WriteConsoleW

user32

GetDC
ReleaseDC
SystemParametersInfoW
DrawTextW
wsprintfW

gdi32

CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
CreateFontW
GetDIBits
GetDeviceCaps
DeleteDC
GetTextExtentPoint32W
SetTextColor
SetBkMode
SetBkColor
DeleteObject

advapi32

DeleteService
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
RegCloseKey
RegEnumKeyW
CloseServiceHandle
ClearEventLogW
OpenSCManagerW
RegCreateKeyExW
CloseEventLog
ControlService
EnumDependentServicesW
RegSetValueExW
OpenEventLogW
RegOpenKeyExW
OpenServiceW
QueryServiceStatusEx
RegQueryValueExW

shell32

SHGetFolderPathW
SHEmptyRecycleBinW
CommandLineToArgvW
ShellExecuteW

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoSetProxyBlanket

oleaut32

VariantInit
SysAllocString
VariantClear

ntdll

RtlAdjustPrivilege

rstrtmgr

RmStartSession
RmEndSession
RmRegisterResources
RmGetList

shlwapi

StrStrIW
PathFindExtensionW
PathRemoveFileSpecW

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c4c7112ff5e1d8c87ccbd4b380fb26d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ntdll

rstrtmgr

shlwapi

Sections

.text Size: 95KB - Virtual size: 94KB

.rdata Size: 43KB - Virtual size: 42KB

.data Size: 2KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 95KB - Virtual size: 94KB

.rdata
Size: 43KB - Virtual size: 42KB

.data
Size: 2KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 5KB