play | bc381dbeff70b5869fa737860c8cd8a8684cc768981beb55543499efcd32bab7

General

Target

bc381dbeff70b5869fa737860c8cd8a8684cc768981beb55543499efcd32bab7
Size

178KB
MD5

4519a5876b3e77568105da0f1c2ebb4d
SHA1

78823aed1ec75b00214dccd654f5ea5dd38cfd58
SHA256

bc381dbeff70b5869fa737860c8cd8a8684cc768981beb55543499efcd32bab7
SHA512

f4a106b983a3c330983a6bce311cff54241c9a9b7aac31116a1ee0ebca9f20126d9e584f4b6b8fbbd3498fbb4632d1fe6373e08fd7dc3f0819fe9ebd8d9c69f9
SSDEEP

3072:Yrl2uRkddO+iR7OZOQ+dzeIP9mwUGU3l2bxW1/9JnOC/fhKJ2hXh3lmG:22uyqOh2g8U12K9dtEWx17

Score

10^/10

ransomware play

Malware Config

Signatures

Play family
play

Play ransomware payload 1 IoCs

ransomware

resource	yara_rule
sample	family_play

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc381dbeff70b5869fa737860c8cd8a8684cc768981beb55543499efcd32bab7

Files

bc381dbeff70b5869fa737860c8cd8a8684cc768981beb55543499efcd32bab7
.exe windows:6 windows x86 arch:x86

bfaffd974eb97f13ae5b4b98aa20c81e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetProcAddress
Sleep
WriteConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
DecodePointer

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bfaffd974eb97f13ae5b4b98aa20c81e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 136KB - Virtual size: 136KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 7KB - Virtual size: 9KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 136KB - Virtual size: 136KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 7KB - Virtual size: 9KB

.reloc
Size: 6KB - Virtual size: 5KB