zebrocy | HEUR-Trojan-Ransom[.]Win32[.]Generic-41c059f4dfaa143cc75df07f38f50d7d6ac0c6416d3e21aac2e530683c037fdf[.]7z

Reason

config extraction: Zebrocy: zebrocy: error EOF EOF

General

Target

HEUR-Trojan-Ransom.Win32.Generic-41c059f4dfaa143cc75df07f38f50d7d6ac0c6416d3e21aac2e530683c037fdf.7z
Size

1.5MB
MD5

3290585e13e51afac3b0e2e17fc18212
SHA1

146f76cbdbf088fba0ca2bbe1efece22cebfa254
SHA256

712b77a8e132fdef3974b4ce3cf5da81ed98fc4ef3754c407c696922d662df02
SHA512

5612dc1ef3be15387a3217aeaa4291eb361b659e47d96c51259bae2c63efffd17523c3235ac859b31fdc452012679878105b14883c14542d74543ac44a13da10
SSDEEP

24576:hfGKRIF3Cr01NK5+2i5L5kr+NcgpMSlG6ZKzoQMgvxk2RG8+u:lNQ9t5L5y+mclG6ZixBr+u

Score

10^/10

zebrocy

Zebrocy Go Variant 1 IoCs

resource	yara_rule
static1/unpack001/HEUR-Trojan-Ransom.Win32.Generic-41c059f4dfaa143cc75df07f38f50d7d6ac0c6416d3e21aac2e530683c037fdf.exe	Zebrocy

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HEUR-Trojan-Ransom.Win32.Generic-41c059f4dfaa143cc75df07f38f50d7d6ac0c6416d3e21aac2e530683c037fdf.exe

HEUR-Trojan-Ransom.Win32.Generic-41c059f4dfaa143cc75df07f38f50d7d6ac0c6416d3e21aac2e530683c037fdf.7z
.7z

Password: infected
HEUR-Trojan-Ransom.Win32.Generic-41c059f4dfaa143cc75df07f38f50d7d6ac0c6416d3e21aac2e530683c037fdf.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 191KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 902B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ