220105-edpatsabeq_pw_infected[.]zip | Triage

Sharing

General

Target

220105-edpatsabeq_pw_infected.zip
Size

127KB
MD5

f7e64237f3f1bf0f476aa8e368e564a3
SHA1

83a18316640bbd5bd115ebb6072f3a4c2a41245f
SHA256

f02c37f619d4bd2d0b16092a95599a59b45def9e18f46d733c8a885ffd776bbf
SHA512

427bab03cf41a311ac8a2bcc5226cb653b6b00d4ff0adff62a173a220bf862350a40e00b1f1848e2db10a9b23ae92b641e8dd034112476fb60c938107973c923
SSDEEP

3072:jjOeD7z15hPNDgvJ714Gx9dzo2iPoX27q9HEnwJ3lw3G9fi:jjnh599EhiPUEqDVJK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Ransomware.exe

Files

220105-edpatsabeq_pw_infected.zip
.zip

Password: infected
Ransomware.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Pandax40\source\repos\TR\TR\obj\Debug\Ransomware.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 221KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ