Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2019-Oct-31 06:08:40 |
Detected languages | English - United States |
Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0 |
Suspicious | Strings found in the binary may indicate undesirable behavior: contains references to system / monitoring tools |
Info | Libraries used to perform cryptographic operations: Microsoft's Cryptography API |
Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports |
Malicious | VirusTotal score: 63/71 (Scanned on 2024-03-31 23:01:45) |

ALYac | Trojan.Ransom.MedusaLocker |
---|---|
APEX | Malicious |
AVG | Win32:RansomX-gen [Ransom] |
AhnLab-V3 | Ransomware/Win.MedusaLocker.R335910 |
Alibaba | Ransom:Win32/Medusalocker.9b2 |
Antiy-AVL | Trojan[Ransom]/Win32.Medusa |
Arcabit | Generic.Ransom.MedusaLocker.5C3CF31C |
Avast | Win32:RansomX-gen [Ransom] |
Avira | HEUR/AGEN.1367031 |
BitDefender | Generic.Ransom.MedusaLocker.5C3CF31C |
BitDefenderTheta | Gen:NN.ZexaF.36802.PuW@aK13@tci |
Bkav | W32.AIDetectMalware |
CAT-QuickHeal | Ransom.Medusa.S13913779 |
ClamAV | Win.Ransomware.Medusalocker-9811271-0 |
CrowdStrike | win/malicious_confidence_100% (W) |
Cybereason | malicious.72afbb |
Cylance | unsafe |
Cynet | Malicious (score: 100) |
DeepInstinct | MALICIOUS |
DrWeb | Trojan.DownLoader30.34100 |
ESET-NOD32 | a variant of Win32/Filecoder.MedusaLocker.C |
Emsisoft | Generic.Ransom.MedusaLocker.5C3CF31C (B) |
F-Secure | Heuristic.HEUR/AGEN.1367031 |
FireEye | Generic.mg.646698572afbbf24 |
Fortinet | W32/Filecoder.NYA!tr.ransom |
GData | Win32.Trojan-Ransom.Medusa.A |
Google | Detected |
Gridinsoft | Ransom.Win32.Filecoder.oa!s1 |
Ikarus | Trojan-Ransom.Medusalocker |
Jiangmin | Trojan.DelShad.ka |
K7AntiVirus | Trojan ( 0055a9531 ) |
K7GW | Trojan ( 0055a9531 ) |
Kaspersky | Trojan-Ransom.Win32.Medusa.n |
Kingsoft | Win32.Troj.Generic.jm |
Lionic | Trojan.Win32.Medusa.trmQ |
MAX | malware (ai score=100) |
Malwarebytes | Generic.Malware.AI.DDS |
MaxSecure | Trojan.Malware.74712304.susgen |
McAfee | Ransomware-GUN!646698572AFB |
MicroWorld-eScan | Generic.Ransom.MedusaLocker.5C3CF31C |
Microsoft | Ransom:Win32/MedusaLocker.AC!MTB |
NANO-Antivirus | Trojan.Win32.Medusa.ggetwi |
Panda | Trj/Genetic.gen |
Rising | Ransom.MedusaLocker!1.C21A (CLASSIC) |
Sangfor | Ransom.Win32.Save.a |
SentinelOne | Static AI - Malicious PE |
Skyhigh | BehavesLike.Win32.Generic.jh |
Sophos | Troj/Medusa-Fam |
Symantec | Ransom.GlobeImposter |
TACHYON | Ransom/W32.MedusaLocker.685568 |
Tencent | Trojan-Ransom.Win32.Filecoder.16000562 |
TrendMicro | Ransom.Win32.MEDUSALOCKER.SMTH |
TrendMicro-HouseCall | Ransom.Win32.MEDUSALOCKER.SMTH |
VBA32 | Trojan.DelShad |
VIPRE | Generic.Ransom.MedusaLocker.5C3CF31C |
Varist | W32/Ransom.OB.gen!Eldorado |
ViRobot | Trojan.Win32.Z.Medusalocker.685568.BB |
VirIT | Trojan.Win32.Genus.IKJ |
Xcitium | Malware@#7cjnwimxf334 |
Yandex | Trojan.GenAsa!UnIYK6oKv/c |
Zillya | Trojan.Filecoder.Win32.10829 |
ZoneAlarm | Trojan-Ransom.Win32.Medusa.n |
alibabacloud | RansomWare:Win/Medusalocker |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x110 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2019-Oct-31 06:08:40 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x72c00 |
SizeOfInitializedData | 0x35800 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0003A327 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x74000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0xab000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | Process32NextW, Process32FirstW, CreateProcessW, GetTickCount, CopyFileW, GetCurrentProcess, WriteConsoleW, CreateToolhelp32Snapshot, OpenProcess, WaitForSingleObject, TerminateProcess, FindClose, FindNextVolumeW, GetVolumePathNamesForVolumeNameW, FindVolumeClose, SetVolumeMountPointW, FindFirstVolumeW, QueryDosDeviceW, GetEnvironmentVariableW, GetLogicalDrives, GetProcessHeap, MoveFileExW, SetFilePointerEx, HeapAlloc, CloseHandle, GetLastError, SetFileAttributesW, GetFileAttributesW, CreateFileW, WriteFile, HeapSize, GetConsoleMode, GetConsoleCP, FlushFileBuffers, SetStdHandle, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, GetACP, IsValidCodePage, HeapReAlloc, GetFileType, GetTimeZoneInformation, EnumSystemLocalesW, HeapFree, GetFileSizeEx, GetUserDefaultLCID, IsValidLocale, GetTimeFormatW, GetDateFormatW, GetStdHandle, ReadFile, OpenMutexW, Sleep, CreateMutexW, GetModuleFileNameW, SetEnvironmentVariableW, EncodePointer, DecodePointer, RaiseException, GetCurrentThreadId, IsProcessorFeaturePresent, QueueUserWorkItem, GetModuleHandleExW, EnterCriticalSection, LeaveCriticalSection, TryEnterCriticalSection, DeleteCriticalSection, QueryPerformanceCounter, QueryPerformanceFrequency, FormatMessageW, WideCharToMultiByte, MultiByteToWideChar, FindFirstFileExW, FindNextFileW, GetFileAttributesExW, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, SwitchToThread, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetModuleHandleW, GetProcAddress, WaitForSingleObjectEx, GetStringTypeW, CompareStringW, LCMapStringW, GetLocaleInfoW, GetCPInfo, SetEvent, ResetEvent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetStartupInfoW, GetCurrentProcessId, InitializeSListHead, LocalFree, CreateTimerQueue, SignalObjectAndWait, CreateThread, SetThreadPriority, GetThreadPriority, GetLogicalProcessorInformation, CreateTimerQueueTimer, ChangeTimerQueueTimer, DeleteTimerQueueTimer, GetNumaHighestNodeNumber, GetProcessAffinityMask, SetThreadAffinityMask, RegisterWaitForSingleObject, UnregisterWait, GetCurrentThread, GetThreadTimes, FreeLibrary, FreeLibraryAndExitThread, GetModuleHandleA, LoadLibraryExW, GetVersionExW, VirtualAlloc, VirtualProtect, VirtualFree, DuplicateHandle, ReleaseSemaphore, InterlockedPopEntrySList, InterlockedPushEntrySList, InterlockedFlushSList, QueryDepthSList, UnregisterWaitEx, LoadLibraryW, RtlUnwind, ExitProcess |
---|---|
ADVAPI32.dll | CryptExportKey, RegCreateKeyW, RegOpenKeyExW, RegSetValueExW, RegCloseKey, CryptReleaseContext, CryptGenKey, CryptImportKey, OpenProcessToken, GetTokenInformation, CloseServiceHandle, OpenSCManagerW, DeleteService, ControlService, EnumDependentServicesW, OpenServiceW, QueryServiceStatusEx, CryptDestroyKey, CryptAcquireContextW, CryptEncrypt, CryptDuplicateKey, RegDeleteValueW |
SHELL32.dll | SHEmptyRecycleBinW |
ole32.dll | CLSIDFromString, IIDFromString, CoInitializeEx, CoGetObject, CoInitialize, CoUninitialize, CoCreateInstance, CoInitializeSecurity |
OLEAUT32.dll | SysAllocStringByteLen, VariantClear, SysAllocString, SysStringByteLen, VariantInit, SysFreeString |
CRYPT32.dll | CryptStringToBinaryA |
MPR.dll | WNetGetConnectionW |
NETAPI32.dll | NetApiBufferFree, NetShareEnum |
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, GetAdaptersInfo, IcmpCreateFile |
WS2_32.dll | inet_addr |
RstrtMgr.DLL | RmShutdown, RmRegisterResources, RmStartSession, RmGetList, RmEndSession |
Characteristics | 0 |
---|---|
TimeDateStamp | 2019-Oct-31 06:08:40 |
Version | 0.0 |
SizeofData | 940 |
AddressOfRawData | 0x9903c |
PointerToRawData | 0x9803c |
Characteristics | 0 |
---|---|
TimeDateStamp | 2019-Oct-31 06:08:40 |
Version | 0.0 |
SizeofData | 0 |
AddressOfRawData | 0 |
PointerToRawData | 0 |
StartAddressOfRawData | 0x4993f8 |
---|---|
EndAddressOfRawData | 0x499400 |
AddressOfIndex | 0x4a31a8 |
AddressOfCallbacks | 0x474398 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_4BYTES |
Callbacks | (EMPTY) |
Size | 0xa4 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x49f074 |
SEHandlerTable | 0x498b50 |
SEHandlerCount | 315 |
XOR Key | 0x8be15043 |
---|---|
Unmarked objects | 0 |
ASM objects (VS2017 v14.15 compiler 26715) | 17 |
C++ objects (VS2017 v14.15 compiler 26715) | 169 |
C objects (VS2017 v14.15 compiler 26715) | 23 |
C objects (CVTCIL) (VS2017 v14.15 compiler 26715) | 1 |
ASM objects (27521) | 24 |
C++ objects (27521) | 131 |
C objects (27521) | 36 |
Imports (VS2017 v14.15 compiler 26715) | 23 |
Total imports | 219 |
C++ objects (LTCG) (VS2019 Update 1 (16.1) compiler 27702) | 13 |
Resource objects (VS2019 Update 1 (16.1) compiler 27702) | 1 |
Linker (VS2019 Update 1 (16.1) compiler 27702) | 1 |