Behavioral task
behavioral1
Sample
QON0P_FreeVbucks.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
QON0P_FreeVbucks.exe
Resource
win10v2004-20250314-en
General
-
Target
QON0P_FreeVbucks.exe
-
Size
2.7MB
-
MD5
a988089a040efd226b8c801f1d527d17
-
SHA1
2cf4a52f0d2313dd7a7619bbc61681aecdcb2610
-
SHA256
40a4b00e9904e973795b36d57e35da10f2543dfc55a54ac25a88da5c53e55a84
-
SHA512
e591aafc86c3c370be73347441bd576c995538f8d19fcadc3e25f9c36193d3be08fbb5a65134d84168b203c87f5d533a96442f481f8c14741f36d4ed9a8277e4
-
SSDEEP
24576:ivC7suY2Mlva2bpmGB3rgkTsZGvSKgkatV9hLG37WDd/OKAVlAL4lGhty:iibM0NkA8leL
Malware Config
Signatures
-
Chaos Ransomware 1 IoCs
resource yara_rule sample family_chaos -
Chaos family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource QON0P_FreeVbucks.exe
Files
-
QON0P_FreeVbucks.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ