xorist | EncoderBuilder password vazonez[.]rar

Resubmissions

04-01-2025 10:12

250104-l8py6svlfx 10

04-01-2025 10:11

250104-l7xbvsxjgk 10

04-01-2025 10:09

250104-l61ynaxjdr 10

Sharing

Copy URL

Twitter E-mail

General

Target

EncoderBuilder password vazonez.rar
Size

557KB
MD5

db9a548705cfc15f405f571fddecffe0
SHA1

c43f7d464a44f442a8a3fb5bd4e77c290c02240f
SHA256

5986ff1c3dc4ae35fb9747b6b591f527cd1b77393cc3a77b936a46d4b3936c29
SHA512

0a842a158eee3239b024494d250bc1a81f2d0c53778aa755629d601bfafc53fec06e19c955ea4d0d8b81a4bfcb562f36fbbe806bbaa66734f23c0b877351cf18
SSDEEP

12288:MAXGxT7VXQsuNcw4GcRxf4u4xO1OBa4dtCtog/8p+lTSG:yT7VXcNYVxgxOArg0klTSG

Score

10^/10

upx xorist

Malware Config

Signatures

Detected Xorist Ransomware 2 IoCs

resource	yara_rule
static1/unpack001/bin/Encoder_Builder_v2.4.exe	family_xorist
static1/unpack001/src/crypter/crypter.exe	family_xorist

Xorist family
xorist

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/src/Builder/upx_bin/upx.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bin/Encoder_Builder_v2.4.exe
unpack001/src/Builder/upx_bin/upx.exe
unpack001/src/crypter/crypter.exe

Files

EncoderBuilder password vazonez.rar
.rar

Password: vazonez
bin/Encoder_Builder_v2.4.exe
.exe windows:4 windows x86 arch:x86

Password: vazonez

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 428KB - Virtual size: 427KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 52B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 407KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
src/Builder/Builder.bdsproj
src/Builder/Builder.bdsproj.local
src/Builder/Builder.cfg
src/Builder/Builder.dpr
src/Builder/Builder.identcache
src/Builder/Builder.res
src/Builder/Md5.dcu
src/Builder/Md5.pas
src/Builder/RESOURCES.PAS
src/Builder/RESOURCES.dcu
src/Builder/Strawberry.ico
src/Builder/Unit1.dcu
src/Builder/Unit1.dfm
src/Builder/Unit1.pas
.vbs
src/Builder/upx_bin/build.bat
src/Builder/upx_bin/upx.RES
src/Builder/upx_bin/upx.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 281KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
src/Builder/upx_bin/upx.rc
src/crypter/1.bmp
src/crypter/Crypter.asm
src/crypter/Decrypt.asm
src/crypter/Hash.asm
src/crypter/Notification.asm
src/crypter/ReadOptions.asm
src/crypter/Recursive.asm
src/crypter/SelfDelete.asm
src/crypter/TEA.asm
src/crypter/Window.asm
src/crypter/build.bat
src/crypter/crypter.exe
.exe windows:4 windows x86 arch:x86

Password: vazonez

0d5a4c77fb840a628560e02b85835ba4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

RegisterClassExA
PeekMessageA
SendMessageA
LoadCursorA
GetSystemMetrics
GetMessageA
GetDlgItemTextA
EndPaint
SystemParametersInfoA
TranslateMessage
UpdateWindow
MessageBoxA
DispatchMessageA
DefWindowProcA
CreateWindowExA
BeginPaint

kernel32

lstrlenA
CloseHandle
CopyFileA
CreateFileA
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FreeResource
GetCommandLineA
GetEnvironmentVariableA
GetFileAttributesA
GetFileSize
GetFileTime
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetProcessHeap
GetTempPathA
GetWindowsDirectoryA
GlobalFree
HeapAlloc
LoadResource
LockResource
MoveFileA
ReadFile
RtlMoveMemory
SetErrorMode
SetFilePointer
SetFileTime
SizeofResource
WriteFile
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

advapi32

RegCreateKeyExA
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
RegSetValueExA
RegDeleteKeyA
CryptAcquireContextA
RegCloseKey
CryptReleaseContext
CryptHashData

shlwapi

PathFindFileNameA
PathFindExtensionA
PathAddBackslashA
PathMatchSpecA

gdi32

CreateFontIndirectA

comctl32

InitCommonControls

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
src/crypter/manifest.xml
src/crypter/rsrc.rc
src/crypter/stub.RES
src/crypter/stub.rc

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: vazonez

Password: vazonez

Headers

File Characteristics

Sections

CODE Size: 428KB - Virtual size: 427KB

DATA Size: 6KB - Virtual size: 5KB

BSS Size: - Virtual size: 2KB

.idata Size: 9KB - Virtual size: 8KB

.tls Size: - Virtual size: 52B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 32KB - Virtual size: 31KB

.rsrc Size: 407KB - Virtual size: 407KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.2MB

UPX1 Size: 281KB - Virtual size: 284KB

.rsrc Size: 1KB - Virtual size: 4KB

Password: vazonez

0d5a4c77fb840a628560e02b85835ba4

Headers

File Characteristics

Imports

user32

kernel32

shell32

advapi32

shlwapi

gdi32

comctl32

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 184B

CODE
Size: 428KB - Virtual size: 427KB

DATA
Size: 6KB - Virtual size: 5KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 9KB - Virtual size: 8KB

.tls
Size: - Virtual size: 52B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 32KB - Virtual size: 31KB

.rsrc
Size: 407KB - Virtual size: 407KB

UPX0
Size: - Virtual size: 1.2MB

UPX1
Size: 281KB - Virtual size: 284KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 184B