2024-10-21_a0c1b4301b5c438659f8af7b18f94a15_gandcrab

Sharing

Copy URL

Twitter E-mail

General

Target

2024-10-21_a0c1b4301b5c438659f8af7b18f94a15_gandcrab
Size

93KB
MD5

a0c1b4301b5c438659f8af7b18f94a15
SHA1

577c5c9c8a2310d25a51afaf3a0e91395b9b8784
SHA256

f5aaca5c1ceebd3facddb259a6b8a7b66479d4971e21b8ef12308cb9ec91a864
SHA512

4e285d99d1a332d17abfab8e28a8bbb99803f96db4e0be000ce55a8780a6f80f7a1235857eaf75ff975a5b0b8a41fc211c3a491835e96047cbb7262a75e328d8
SSDEEP

1536:i8I5zikGDU3YpVhzLLpcJCUZgp2kepphlBbhzOcrHuTcWN9:5MGkcwuVhvLeCEPkepPfhzjHU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-10-21_a0c1b4301b5c438659f8af7b18f94a15_gandcrab

Files

2024-10-21_a0c1b4301b5c438659f8af7b18f94a15_gandcrab
.exe windows:5 windows x86 arch:x86

d71852a2633f383493a9c72f871d6a75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

NdrClientCall2

kernel32

GetLastError
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
WaitForMultipleObjects
CloseHandle
lstrcmpiW
OpenMutexW
GetModuleFileNameW
ExpandEnvironmentStringsW
GetDriveTypeA
GetSystemDirectoryW
VirtualUnlock
GetComputerNameW
MultiByteToWideChar
GetTickCount
lstrcmpiA
EnterCriticalSection
LeaveCriticalSection
VirtualLock
GetProcAddress
WriteFile
GetSystemTime
ExitThread
GetModuleHandleW
CreateFileW
GetVolumeInformationW
WideCharToMultiByte
VerSetConditionMask
LoadLibraryA
GetModuleHandleA
ExitProcess
GlobalAlloc
GlobalFree
LocalAlloc
MulDiv
GetTempPathW
VirtualQuery
LoadLibraryW
LoadLibraryExW
ReadFile
ConnectNamedPipe
CreateEventW
CreateNamedPipeW
GetFullPathNameW
GetCurrentProcess
GetShortPathNameW
GetProcessHeap
VirtualFree
VirtualAlloc
lstrlenW
Sleep
lstrcmpW
VerifyVersionInfoW

user32

GetDC
ReleaseDC
FillRect
wsprintfW
DrawTextW
DrawTextA
wsprintfA

gdi32

SetBitmapBits
GetBitmapBits
CreateBitmap
GetObjectW
SetTextColor
SetPixel
CreateCompatibleDC
CreateFontW
DeleteDC
DeleteObject
GetDeviceCaps
GetDIBits
GetPixel
GetStockObject
SelectObject
SetBkColor
CreateCompatibleBitmap

ole32

CoUninitialize
CoCreateInstance
CoInitialize

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d71852a2633f383493a9c72f871d6a75

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

kernel32

user32

gdi32

ole32

Sections

.text Size: 64KB - Virtual size: 64KB

.rdata Size: 5KB - Virtual size: 8KB

.data Size: 22KB - Virtual size: 24KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 64KB - Virtual size: 64KB

.rdata
Size: 5KB - Virtual size: 8KB

.data
Size: 22KB - Virtual size: 24KB

.reloc
Size: 1KB - Virtual size: 1KB