Characteristics
| Hash | Hash Value |
|---|---|
| MD5 | 44e7411bbf42e816004b9839b314696e
| Sha1 | 6cd6d5d5e71254c2a03c02c04e936e66668d1937
| Sha256 | e3d1aa310773e97c7b36b720c555c52dac09f3904177c75da367b0f0e51dc2fe
| Sha384 | a9b54449b685a90a92121b9d488822c30753c81631abf85b88286110c88d164d9b6951e7a4825c901ef5ee2ca5966f08
| Sha512 | f954a54ddae6ca9be475bfb805bec6e11464c414192e651c65d64f3b23268c9a3f1ea42d79049d850ab374fe95d0b4674512bd1eba3fa9ad9d38233c46177580
| SSDeep | 196608:FPYGvlt3ah11Irw0yzQiDO+lSnTjdCibVZL/Lf+9/fIy0G:CuS11T0yzPDOLThCiRZLTf8Ay0G
| TLSH | BE86338628AE74BDBD5BF7A33688742C4C62A309F14C136DA8CDED6DEB66701758C131
File Structure
e
background.png
background.png-preview.png
HCR2Ransomware.exe
Overlay_7f58c87c.bin
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
_RDATA
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0-preview.png
ID:0005
ID:0
ID:0006
ID:0
ID:0007
ID:0
RT_GROUP_CURSOR4
ID:0000
ID:0
RT_MANIFEST
ID:0001
ID:0
side.png
side.png-preview.png
Artefacts
| Name | Value |
|---|---|
| URLs in VB Code - #1 | http://schemas.microsoft.com/SMI/2016/WindowsSettings |
44e7411bbf42e816004b9839b314696e (8.07 MB)
Characteristics
No malware configuration was found at this point.
Artefacts
| Name | Value | Location |
|---|---|---|
| URLs in VB Code - #1 | http://schemas.microsoft.com/SMI/2016/WindowsSettings | 44e7411bbf42e816004b9839b314696e > e > HCR2Ransomware.exe |