chaos | crynox[.]exe | Triage

Sharing

General

Target

crynox.exe
Size

299KB
MD5

e6e2f46331a60acfc399f10ff842345d
SHA1

514945da2f3518753b22df05786e6dce446d7ec1
SHA256

c50584f0f5cccb28d192fb2540077792732b8afe1eb887cc3657d60980d9ad02
SHA512

08842cb745dc04c6a2f0233b69647502cdc2920c2f520415507b98d54b7086f15282ba177baf93c11fbd6415467f1fb84df5a05a8d1923f47737344b6843333c
SSDEEP

3072:drQkc9kuFo+p2afIyTBjMnuNjg710OpYVm/+FbN/damWsJ7gUev+Tvx:95c9Vf2qIuNLiapdz1JMdv+T

Score

10^/10

chaos

Malware Config

Signatures

Chaos Ransomware 1 IoCs

resource	yara_rule
sample	family_chaos

Chaos family
chaos

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
crynox.exe

Files

crynox.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ