359a962f1be98d4c102745c07e7af0ae

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2017-Mar-02 23:49:06

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Microsoft Visual C++
Microsoft Visual C++ v6.0
Suspicious PEiD Signature: MoleBox v2.0
Suspicious The PE is packed or was manually edited. Unusual section name found: 0\x00ext
Section 0\x00ext is both writable and executable.
Unusual section name found: 1\x00data
Section 1\x00data is both writable and executable.
Unusual section name found: 2\x00ata
Section 2\x00ata is both writable and executable.
Unusual section name found: 3\x00ext
Section 3\x00ext is both writable and executable.
Unusual section name found: 4\x00data
Section 4\x00data is both writable and executable.
Unusual section name found: 5\x00ata
Section 5\x00ata is both writable and executable.
The number of imports reported in the RICH header is inconsistent.
Suspicious The PE contains functions most legitimate programs don't use. Manipulates other processes:
  • WriteProcessMemory
Malicious VirusTotal score: 53/67 (Scanned on 2018-04-10 17:02:51)
Bkav: W32.HfsAutoB.DA39
MicroWorld-eScan: Trojan.GenericKD.12674841
nProtect: Ransom/W32.Crusis.126464.G
CAT-QuickHeal: Trojan.Zenshirsh.SL7
ALYac: Trojan.Ransom.Crysis
Cylance: Unsafe
Zillya: Trojan.GenericKD.Win32.98038
SUPERAntiSpyware: Ransom.Crysis/Variant
TheHacker: W32/Behav-Heuristic-065
K7GW: Trojan ( 00519f781 )
K7AntiVirus: Trojan ( 00519f781 )
Invincea: heuristic
Cyren: W32/Trojan.ZYQF-5534
Symantec: Ransom.Crysis
TrendMicro-HouseCall: Ransom_WADHRAMA.N
Paloalto: generic.ml
ClamAV: Win.Trojan.Agent-6494854-0
Kaspersky: Trojan-Ransom.Win32.Crusis.to
BitDefender: Trojan.GenericKD.12674841
NANO-Antivirus: Trojan.Win32.Crusis.evzldf
Avast: FileRepMalware
Tencent: Win32.Trojan.Raas.Auto
Ad-Aware: Trojan.GenericKD.12674841
Sophos: Mal/Generic-S
DrWeb: Trojan.Encoder.3953
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom_WADHRAMA.N
McAfee-GW-Edition: BehavesLike.Win32.Generic.cc
Emsisoft: Trojan.Agent (A)
SentinelOne: static engine - malicious
Jiangmin: Trojan.Crusis.mv
Webroot: W32.Trojan.Gen
Avira: TR/Crypt.XPACK.Gen
Endgame: malicious (high confidence)
Arcabit: Trojan.Generic.DC16719
AegisLab: Troj.Ransom.W32!c
ZoneAlarm: Trojan-Ransom.Win32.Crusis.to
Microsoft: Ransom:Win32/Wadhrama
AhnLab-V3: Trojan/Win32.Crysis.C2259351
McAfee: Generic.cwi
AVware: Trojan.Win32.Generic!BT
MAX: malware (ai score=100)
VBA32: TrojanRansom.Crusis
ESET-NOD32: a variant of Win32/Filecoder.Crysis.P
Rising: Trojan.Ransom.Crysis!1.A6AA (CLASSIC)
Yandex: Trojan.Crusis!
Ikarus: Trojan-Ransom.FileCoder
GData: Trojan.GenericKD.12674841
AVG: FileRepMalware
Cybereason: malicious.f1be98
Panda: Trj/GdSda.A
CrowdStrike: malicious_confidence_90% (W)
Qihoo-360: Win32/Trojan.Ransom.714

Hashes

MD5 359a962f1be98d4c102745c07e7af0ae
SHA1 40edd311a6b93b03eb42815c4d2cd870e3c5f0b1
SHA256 f252d80d6a976641dd4f9010fd1db6e097cd64a37533c6f962ede6a9161d0a82
SHA3 6b4e32e188129b01b5a42bf24b0d7e2fcd4bb2cf7d44bacf45ab7da70788417d
SSDeep 3072:9c3hICiK1hbQm/RAANlq3yORwFg1s+KOD7xlCrHlAlt9W:oynK7ppNlqHRzC+KKlCpoW
Imports Hash 5d129c3b6a642d0c529630f62c156352

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xc8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 6
TimeDateStamp 2017-Mar-02 23:49:06
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0
SizeOfInitializedData 0x1ea00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0001AB23 (Section: 3\x00ext)
BaseOfCode 0x19000
BaseOfData 0xb000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x34000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

0\x00ext

MD5 85cd2ebe7db24ddf34da2b8adf85fd9d
SHA1 140446c732a6af9f33b7d3eb7c06899001a93416
SHA256 cc016db688e1913225766eac3a0fae8f6ecb3d0411d5a1913d2dce7c60bc3417
SHA3 ee9d8c6fd85ea99e028330b2c9ecdd6cbb785aaabe09da37e5772962a1ba45ae
VirtualSize 0x9c25
VirtualAddress 0x1000
SizeOfRawData 0x4a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.9803

1\x00data

MD5 480259fc3c64a2c52ac168816a0fd757
SHA1 702caab39fd88ad156f936da6407e01d6ba208d8
SHA256 3d68f123dff220132f1f384d09ab491506e42904638ae4d11f73eb5701c81eeb
SHA3 71936930145c4d669924a0fe6382002ecdd996d4906afd58518a2f75ff1a8d58
VirtualSize 0x2636
VirtualAddress 0xb000
SizeOfRawData 0x1c00
PointerToRawData 0x4e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.97085

2\x00ata

MD5 7eab0b1e3490b87a609d998ece4ed6aa
SHA1 bb64513c7338ef10e0bfd8e93d3428e63172368b
SHA256 70be1669e234bbf74cff59ad0361277bb77cf16e8d9db490406b73bb95b028f9
SHA3 54f2b00fca1871e64d5e224b237cac738e9098506bc13d7205942343d8b86694
VirtualSize 0xaad5
VirtualAddress 0xe000
SizeOfRawData 0xa800
PointerToRawData 0x6a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.99402

3\x00ext

MD5 892800823cfb755d7aeafcad19040913
SHA1 d0e52f87d6ee2c6cbdf31d4a44647ab761a32753
SHA256 ae5c990ec0c38dcef8c502e300b5c7f62171a7203dcf6efc23646e1d41b6479e
SHA3 39deafd629931077265a82ea15d653a56a5eaa7d55e490036fa3c7e3633661e6
VirtualSize 0x1136f
VirtualAddress 0x19000
SizeOfRawData 0xb200
PointerToRawData 0x11200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.89145

4\x00data

MD5 cd1c3d2823ace388f5fd5fda62662591
SHA1 2f565a49a7810c41ca5fa6861e17bc093eb60ee7
SHA256 70fc2d86cd30f23d566005db71bec6f85c0e73a3fed1229ebd4eb2b4414c30c5
SHA3 d7d28ed7c8b848af7b35265e89118e97addc76b4834c2b67faecb7c3452c293e
VirtualSize 0xd38
VirtualAddress 0x2b000
SizeOfRawData 0xe00
PointerToRawData 0x1c400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.42944

5\x00ata

MD5 c708e1fe015536b009900fb574ab046f
SHA1 4cd759f29251e9964a7565e561f5e9e1278688d3
SHA256 d8a5fbee5bacb17db476c91c656ad1d0c2a4afcacc9107b0d1b5348e43c0d25d
SHA3 3fafd3c3b6a433c6ab9940ec094d1e094e8d34d9cad9be0361cf42c3f8e50571
VirtualSize 0x70f0
VirtualAddress 0x2c000
SizeOfRawData 0x1c00
PointerToRawData 0x1d200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.97524

Imports

KERNEL32.dll InitializeCriticalSection
GetProcAddress
LocalFree
RaiseException
LocalAlloc
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
SearchPathA
ResumeThread
WriteProcessMemory
GetPrivateProfileSectionA
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
USER32.dll DefWindowProcA
AdjustWindowRectEx

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x70f06a4
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 3
Total imports 10
174 (VS2010 SP1 build 40219) 11
Linker (VS2010 SP1 build 40219) 1

Errors