dec22084f515b2c145f9019143d860a3

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2017-Mar-02 23:49:06
Debug artifacts C:\crysis\Release\PDB\payload.pdb

Plugin Output

Info Cryptographic algorithms detected in the binary:
  • Uses constants related to CRC32
  • Uses constants related to SHA1
  • Uses constants related to AES
Suspicious The PE is possibly packed. The PE only has 9 import(s).
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Malicious VirusTotal score: 58/69 (Scanned on 2018-11-23 05:00:53)
Bkav: W32.RansomeDNZ.Trojan
MicroWorld-eScan: Trojan.Ransom.Crysis.E
CAT-QuickHeal: Trojan.Mauvaise.SL1
McAfee: Ransom-WW!DEC22084F515
Cylance: Unsafe
TheHacker: Trojan/Filecoder.Crysis.l
K7GW: Trojan ( 00519f781 )
K7AntiVirus: Trojan ( 00519f781 )
Arcabit: Trojan.Ransom.Crysis.E
TrendMicro: Mal_Crysis
F-Prot: W32/Wadhrama.B
Symantec: Ransom.Crysis
ESET-NOD32: a variant of Win32/Filecoder.Crysis.P
TrendMicro-HouseCall: Mal_Crysis
Paloalto: generic.ml
ClamAV: Win.Trojan.Dharma-6668198-0
Kaspersky: Trojan-Ransom.Win32.Crusis.to
BitDefender: Trojan.Ransom.Crysis.E
NANO-Antivirus: Trojan.Win32.Filecoder.emdnxn
ViRobot: Trojan.Win32.Ransom.94720.F
SUPERAntiSpyware: Ransom.Crysis/Variant
Avast: Win32:Malware-gen
Tencent: Trojan-Ransom.Win32.Crysis.a
Ad-Aware: Trojan.Ransom.Crysis.E
Emsisoft: Trojan.Ransom.Crysis.E (B)
Comodo: TrojWare.Win32.Crysis.D@6sd9xy
F-Secure: Trojan.Ransom.Crysis.E
DrWeb: Trojan.Encoder.3953
Zillya: Dropper.Crusis.Win32.239
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.Ransom.nc
Trapmine: malicious.high.ml.score
Sophos: Troj/Criakl-G
SentinelOne: static engine - malicious
Cyren: W32/Trojan.ILHO-9216
Jiangmin: Trojan.Crypren.ic
Webroot: W32.Ransom.Gen
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Win32.AGeneric
Endgame: malicious (high confidence)
Microsoft: Ransom:Win32/Wadhrama
AegisLab: Trojan.Win32.Crusis.4!c
ZoneAlarm: Trojan-Ransom.Win32.Crusis.to
GData: Win32.Trojan-Ransom.VirusEncoder.A
TACHYON: Ransom/W32.crysis.94720
AhnLab-V3: Trojan/Win32.Crysis.R213980
VBA32: TrojanRansom.Crusis
ALYac: Trojan.Ransom.Crysis
MAX: malware (ai score=100)
Malwarebytes: Ransom.Crysis.Generic
Rising: Trojan.Ransom.Crysis!1.A6AA (CLOUD)
Ikarus: Trojan-Ransom.Crysis
Fortinet: W32/Crysis.L!tr.ransom
AVG: Win32:Malware-gen
Cybereason: malicious.4f515b
Panda: Generic Malware
CrowdStrike: malicious_confidence_100% (W)
Qihoo-360: Malware.Radar01.Gen

Hashes

MD5 dec22084f515b2c145f9019143d860a3
SHA1 a0651506f56e6fdb6f3677752552ddf8a8fee1e2
SHA256 6ff6037243dc68bd7183564d98257edfd7f1b87675eceada2bd809545280d17b
SHA3 3359861c7fb37760bf59073c5340fc26e5c5fec13b33bcceb48416255144ce1e
SSDeep 1536:mBwl+KXpsqN5vlwWYyhY9S4AzknaueFHcgAt26j18yuZ4M8MPHG5YVfJ:Qw+asqN5aW/hLPFH3At26j18yuuMfHR
Imports Hash f86dec4a80961955a89e7ed62046cc0e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xc8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2017-Mar-02 23:49:06
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 10.0
SizeOfCode 0x9e00
SizeOfInitializedData 0xd400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000A9D0 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0xb000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x19000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 fbdfbbcd720021a23c9e78b5511496b0
SHA1 5c72be2ee3d19205fa9ff61766ad3f95555b66c0
SHA256 e11cf5407738e542c34408869af06b533085ceaf3b07206fe7acab65d1695381
SHA3 0ffac7c9104c4f77b665ea11b8400816d08c36b8c812808918f2950f7d224ae6
VirtualSize 0x9c25
VirtualAddress 0x1000
SizeOfRawData 0x9e00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.96531

.rdata

MD5 bbeae82a2350eeb7334fa155ebec76d2
SHA1 6dd024c3a83bb3b23509791884386b7052b94f73
SHA256 ef62a9f07c1027610b7f143c15cc0080767610a602ce6545ed265c8d5b1f9dad
SHA3 71568bf51acdceff6afdecd40eca3016cf8a0a882b8a33f8262df8dec7048b23
VirtualSize 0x2636
VirtualAddress 0xb000
SizeOfRawData 0x2800
PointerToRawData 0xa200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.78504

.data

MD5 e251415b661268f76862cd1ea24992bb
SHA1 67f3fc9298575c591768a3e50b458fdaba719092
SHA256 5bf013b0089946b09ca10716c8c2769ca078f8b8fc3d2cc1e1bf3ccabe4a5eb3
SHA3 0527217157102782b0eabda4acaf18aea590b145ac38e3e538fba299fefc135c
VirtualSize 0xaad5
VirtualAddress 0xe000
SizeOfRawData 0xa800
PointerToRawData 0xca00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.98277

Imports

KERNEL32.dll
  • GetProcAddress
  • LoadLibraryA
  • WaitForSingleObject
  • InitializeCriticalSectionAndSpinCount
  • LeaveCriticalSection
  • GetLastError
  • EnterCriticalSection
  • ReleaseMutex
  • CloseHandle

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2017-Mar-02 23:49:06
Version 0.0
SizeofData 58
AddressOfRawData 0xd5fc
PointerToRawData 0xc7fc
Referenced File C:\crysis\Release\PDB\payload.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x70f06a4
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 3
Total imports 10
174 (VS2010 SP1 build 40219) 11
Linker (VS2010 SP1 build 40219) 1
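
The Rich header entries above (XOR key, per-toolchain build numbers and object counts) are recovered by locating the plaintext "Rich" marker, reading the key that follows it, and XOR-decoding backwards until the decoded dword reads "DanS". The key doubles as a checksum over the DOS header/stub and the entries themselves, so it can be recomputed to detect a Rich header that was copied from another binary or edited to forge toolchain provenance. The script below is an added example for this page, not Manalyze's code and not the sample's. It builds a synthetic image whose entries mirror the build numbers and counts shown above (the product IDs 0x93, 0x01 and 0x9D are assumed placeholders; 0xAE is the "174" that appears on the page), decodes it, and verifies the key.

```python
import struct

DANS = struct.unpack("<I", b"DanS")[0]


def rol32(value, shift):
    """Rotate a 32-bit value left; the count is taken mod 32."""
    shift &= 31
    return ((value << shift) | (value >> (32 - shift))) & 0xFFFFFFFF


def rich_checksum(pre_rich, entries):
    """Rich XOR key: DanS offset + rol(byte, i) over every byte before DanS except
    e_lfanew (0x3C..0x3F) + rol(compid, count) for each entry."""
    csum = len(pre_rich)
    for i, b in enumerate(pre_rich):
        if 0x3C <= i < 0x40:
            continue
        csum = (csum + rol32(b, i)) & 0xFFFFFFFF
    for prodid, build, count in entries:
        csum = (csum + rol32((prodid << 16) | build, count)) & 0xFFFFFFFF
    return csum


def build_rich_header(entries, key):
    """DanS + three padding dwords + (compid, count) pairs, all XORed with key, then plaintext 'Rich' + key."""
    words = [DANS, 0, 0, 0]
    for prodid, build, count in entries:
        words += [(prodid << 16) | build, count]
    blob = b"".join(struct.pack("<I", w ^ key) for w in words)
    return blob + b"Rich" + struct.pack("<I", key)


def parse_rich_header(data):
    """Decode entries as (prodid, build, count) and recompute the key to validate the header."""
    rich_off = data.find(b"Rich")
    if rich_off < 0:
        raise ValueError("no Rich marker")
    key = struct.unpack_from("<I", data, rich_off + 4)[0]
    words, off = [], rich_off - 4
    while off >= 0:
        w = struct.unpack_from("<I", data, off)[0] ^ key
        if w == DANS:
            break
        words.append(w)
        off -= 4
    else:
        raise ValueError("no DanS marker")
    words.reverse()
    pairs = words[3:]  # drop the three padding dwords (decode to zero)
    entries = [(pairs[i] >> 16, pairs[i] & 0xFFFF, pairs[i + 1]) for i in range(0, len(pairs), 2)]
    expected = rich_checksum(data[:off], entries)
    return {"key": key, "dans_offset": off, "entries": entries, "valid": key == expected}


# Constructed entries: builds and counts as on this page; product IDs other than 0xAE (174) are assumed.
SAMPLE_ENTRIES = [
    (0x93, 30729, 3),   # VS2008 SP1 import library objects (prodid assumed)
    (0x01, 0, 10),      # Import0: total imports
    (0xAE, 40219, 11),  # prodid 174, VS2010 SP1
    (0x9D, 40219, 1),   # VS2010 SP1 linker (prodid assumed)
]


def build_sample(entries):
    """Constructed DOS header/stub with DanS at 0x80, a valid Rich header, then the PE signature."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    dos[0x40:0x4E] = b"This program c"  # constructed stub text
    rich = build_rich_header(entries, rich_checksum(dos, entries))
    struct.pack_into("<I", dos, 0x3C, len(dos) + len(rich))  # e_lfanew; excluded from the checksum
    return bytes(dos) + rich + b"PE\x00\x00"


SAMPLE_PE = build_sample(SAMPLE_ENTRIES)

if __name__ == "__main__":
    r = parse_rich_header(SAMPLE_PE)
    print(f"XOR key 0x{r['key']:08x}  DanS at 0x{r['dans_offset']:x}  valid={r['valid']}")
    for prodid, build, count in r["entries"]:
        print(f"  prodid {prodid} (0x{prodid:02x}) build {build} count {count}")
```

A checksum mismatch does not by itself prove tampering (some packers and build tools rewrite the DOS stub), but a mismatch on a sample whose header otherwise claims a plain MSVC toolchain, as this one does, is worth noting before using the Rich header to cluster samples by build environment.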

Errors