VTI SCORE: 96/100
Dynamic Analysis Report
Classification: Trojan

1da3bb217a3d771d357edfc401ac3835c29066e5d0a795e12aabd4b888bd15e3 (SHA256)

Godsomware.exe

Windows Exe (x86-32)

Created at 2018-10-06 16:50:00

Notifications (1/1)

The operating system was rebooted during the analysis.

Filename C:\Users\CIiHmnxMn6Ps\Desktop\Godsomware.exe
Category Sample File
Type Binary
Severity Blacklisted
Mime Type application/x-dosexec
File Size 2.18 MB
MD5 a569f53cea651e45340ce04742ff345d
SHA1 061f2639ef163811bbd7f89a68d3bcb53c925b84
SHA256 1da3bb217a3d771d357edfc401ac3835c29066e5d0a795e12aabd4b888bd15e3
SSDeep 49152:BT3q666wmnmnmRhtqvE7DTm/8888s8888:BT3q666FmmRhtqc7DTY8888s8888
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
File Reputation Information
Severity Blacklisted
First Seen 2018-09-30 00:48 (UTC+2)
Last Seen 2018-10-04 18:56 (UTC+2)
Names ByteCode-MSIL.Trojan.Wanna
Families Wanna
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x61d8ca
Size Of Code 0x21ba00
Size Of Initialized Data 0x11a00
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2077-12-06 23:29:17+00:00
Version Information (11)
Assembly Version 1.0.0.0
LegalCopyright Copyright Godsomware © 2018 All Reverved
InternalName Godsomware.exe
FileVersion 1.0.0.0
CompanyName NinjaGhost
LegalTrademarks Ninja
Comments Ransomware God Crypt v1.0 by NinjaGhost
ProductName Godsomware v1.0
ProductVersion 1.0.0.0
FileDescription God Crypt v1.0
OriginalFilename Godsomware.exe
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x402000 0x21b8d0 0x21ba00 0x200 cnt_code, mem_execute, mem_read 7.51
.rsrc 0x61e000 0x11750 0x11800 0x21bc00 cnt_initialized_data, mem_read 4.73
.reloc 0x630000 0xc 0x200 0x22d400 cnt_initialized_data, mem_discardable, mem_read 0.1
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain 0x0 0x402000 0x21d8a0 0x21baa0 0x0