ffe650f4...9eb1

C:\Users\FD1HVy\Desktop\Ransomware.exe

Sample File

Binary

Malicious

»

Mime Type	application/vnd.microsoft.portable-executable
File Size	211.50 KB
MD5	6ceb9e638766001d7e7f803d71b4fed5
SHA1	44fb668cadeb0308bea74d4bcdaeb7a06b00cd9e
SHA256	ffe650f45fc31541f4c992f2d0e9e3a36dd8714fc7ed2625427d1edd8f349eb1
SSDeep	3072:XHjwtteTOv/xr+VBFaIqYIYiheeeeeeeeefYDeOWClppeppOpplppepppDppptpT:XjyVZrMBglSOvdiOsRw
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

PE Information

»

Image Base	0x400000
Entry Point	0x406e22
Size Of Code	0x5000
Size Of Initialized Data	0x2fc00
File Type	FileType.executable
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2047-01-13 11:31:55+00:00

Version Information (11)

»

Assembly Version	1.0.0.0
Comments	-
CompanyName	-
FileDescription	Ransomware
FileVersion	1.0.0.0
InternalName	Ransomware.exe
LegalCopyright	Copyright © 2020
LegalTrademarks	-
OriginalFilename	Ransomware.exe
ProductName	-
ProductVersion	1.0.0.0

Sections (3)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x402000	0x4e28	0x5000	0x200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	5.76
.rsrc	0x408000	0x2f86c	0x2fa00	0x5200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.86
.reloc	0x438000	0xc	0x200	0x34c00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.08

Imports (1)

»

mscoree.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	0x0	0x402000	0x6df8	0x4ff8	0x0

Icons (1)

»

Memory Dumps (34)

»

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
ransomware.exe	1	0x00170000	0x001A9FFF	Relevant Image	32-bit	-	... Memory Dump Actions Go to Process Go to AV Match Download Dump
buffer	1	0x02145000	0x02145FFF	First Execution	32-bit	0x02145000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x04BF3000	0x04BF4FFF	First Execution	32-bit	0x04BF3AE6	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02146000	0x02146FFF	First Execution	32-bit	0x021460E8	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x0081B000	0x0081BFFF	First Execution	32-bit	0x0081B2D1	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02145000	0x02145FFF	Content Changed	32-bit	0x021455CC	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x04BF3000	0x04BF4FFF	Content Changed	32-bit	0x04BF3DDE	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02147000	0x02147FFF	First Execution	32-bit	0x0214702B	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x0081B000	0x0081BFFF	Content Changed	32-bit	0x0081B2D1	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x04BF3000	0x04BF4FFF	Content Changed	32-bit	0x04BF44D6	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02146000	0x02146FFF	Content Changed	32-bit	0x02146A8F	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x02145000	0x02145FFF	Content Changed	32-bit	0x02145E60	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x04BF3000	0x04BF4FFF	Content Changed	32-bit	0x04BF46B6	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x04BF3000	0x04BF4FFF	Content Changed	32-bit	0x04BF4706	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x04BF3000	0x04BF4FFF	Content Changed	32-bit	0x04BF4576	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x04BF3000	0x04BF4FFF	Content Changed	32-bit	0x04BF4706	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x04BF3000	0x04BF4FFF	Content Changed	32-bit	0x04BF48BE	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x04BF3000	0x04BF4FFF	Content Changed	32-bit	0x04BF3AE6	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x04BF3000	0x04BF4FFF	Content Changed	32-bit	0x04BF3BD6	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x04BF3000	0x04BF4FFF	Content Changed	32-bit	0x04BF3A96	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x04BF3000	0x04BF4FFF	Content Changed	32-bit	0x04BF495E	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x04BF3000	0x04BF4FFF	Content Changed	32-bit	0x04BF4D2E	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x04BF5000	0x04BF5FFF	First Execution	32-bit	0x04BF5026	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x04BF3000	0x04BF4FFF	Content Changed	32-bit	0x04BF4F5E	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x04BF5000	0x04BF5FFF	Content Changed	32-bit	0x04BF5586	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x04BF3000	0x04BF4FFF	Content Changed	32-bit	0x04BF4E46	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x04BF3000	0x04BF4FFF	Content Changed	32-bit	0x04BF3D16	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x04BF6000	0x04BF6FFF	First Execution	32-bit	0x04BF623E	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x04BF6000	0x04BF6FFF	Content Changed	32-bit	0x04BF62DE	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x04BF6000	0x04BF6FFF	Content Changed	32-bit	0x04BF61C6	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x04BF5000	0x04BF5FFF	Content Changed	32-bit	0x04BF5C26	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x04BF5000	0x04BF5FFF	Content Changed	32-bit	0x04BF5DDE	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x04BF5000	0x04BF5FFF	Content Changed	32-bit	0x04BF5D66	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x04BF6000	0x04BF6FFF	Content Changed	32-bit	0x04BF69F6	... Memory Dump Actions Go to Process Download Dump

Local AV Matches (1)

»

Threat Name	Severity
Gen:Heur.Ransom.RTH.1	Malicious

C:\Users\FD1HVy\Desktop\-pOUvA49q9yDM-0.mp4.Cobra

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	52.44 KB
MD5	9f60fe19ff14963461f3409358620e07
SHA1	6bc48fcd9ca7f60d5dc2bfe9d94e3aa17fdc0cae
SHA256	740db96b825e21a044248a612b125ea55a4ca45c67597ad3b38b1f335a7c548c
SSDeep	1536:gLVzzn5+h1GBfZtokw77MzpjE2yGFcqjxGD:yxzgh1ifZtox7Mb7cq8
ImpHash	-

C:\Users\FD1HVy\Desktop\34aMTfpLUW1K.gif.Cobra

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	138.92 KB
MD5	972d7ab6dfd874eee2c6749b01b473b9
SHA1	64664284e75c987dd6b687862a55e1ba670558a2
SHA256	bb607cf1ce63c7c34cc7f82d5412899b187a0efd030487a482818bf10a279b3a
SSDeep	3072:H4C9rdX5jTQs3e7SkZy56ATVkrsJRpwwucUoK6zxk+HA1FzyL5hPB:VfjLu71Zy5p2rsJRpwdWxzHOFzcB
ImpHash	-

C:\Users\FD1HVy\Desktop\5lmH1kaD1rJ.doc.Cobra

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	12.40 KB
MD5	3ba128fda87568a314e6a28f9d06405f
SHA1	58323f9d87abc98358a350cf00b4d01a147eecd2
SHA256	819e27e3d7f9eef0fc1422b32bbdf86ea18e93623c75a9fffbe46947e69fb094
SSDeep	192:AjnlfHPm7pdAy7tXSlbOohemF+ycyf9dfIAhUv2xGDw4HM+JlYB6iyWLg6yeJ:0fvm9dAItioirfI2wD/JYfyWnF
ImpHash	-

C:\Users\FD1HVy\Desktop\8NSrnaP_Poci.gif.Cobra

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	32.14 KB
MD5	152e93d584dffe6cb7411dfedce3d8fc
SHA1	c3839c49db1af818686425fd1e89db26070b1b3d
SHA256	621ae03b19b18809e6c5064d826c8daf04e909003d029d431dc94a5ddac45e30
SSDeep	768:vgamRs+r58lOH0dowaabFzCd8HF0tAdHbnfOiEyxAbER9uA:vXMVxzEFz1HCWHb2hy2bER0A
ImpHash	-

C:\Users\FD1HVy\Desktop\8oM0fBFRw.png.Cobra

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	91.99 KB
MD5	4ec51e0f9469d6966d29da1d20d74c00
SHA1	49539aad8ff0a893f5cbfabaf45aae69bc6fc4a5
SHA256	f6d644cefc0850b801a9b44a60dcb39e99ad39d13996a1a2dd08f392fdf94cde
SSDeep	1536:QRqB5w1SL6FiPgy439k6JYpgcAvwD4s3KqxpeqCU/XKhKIFAMGburuzgqe0azIQt:Y9SL64gnN9wAvls3KqxpeqCU/DHMGbup
ImpHash	-

C:\Users\FD1HVy\Desktop\boER.bmp.Cobra

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	87.20 KB
MD5	8df0334ec6b458372db1d1801fd4a440
SHA1	8820142f4700b1db0b12f3938e15763feeea0d7f
SHA256	96e94c06f7c91494f54f6f632e6c16a6544089ab435ad51d371c711cf3bd1293
SSDeep	1536:oZg+T1HEUyTvI7P+CKxc38dI/aY+YMKXtopU47t0Bt7RzsXjdjRV:f+TaNsT/K2Mh2toj+n7RzsTZP
ImpHash	-

C:\Users\FD1HVy\Desktop\bUMP5sioT8bBpe5Z.bmp.Cobra

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	226.56 KB
MD5	b48cdc3f49d6575240ebdc19d864e081
SHA1	8f7162c3d02f7d22f8b8a99dc1cd062e325a85dd
SHA256	27b3d37a7842c28959d2e660173f7f8ebe66c2b8cce0f0406c4a5ff3b7dffb5d
SSDeep	6144:+cHnwjerK1s2iB/SQXF3di1nyOgHfYvSCkP:+pUwsB/fXj9l
ImpHash	-

C:\Users\FD1HVy\Desktop\CYRbwNZnNUjgINU SHVp.flv.Cobra

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	175.30 KB
MD5	12719508c9f497964bf83b47df21893c
SHA1	33d95435d3e2fd3b6d4d12cd7d83d33a6d790a84
SHA256	d65d0f4e3ca9aed1ddc1e58a9495fec332ad6b010a71d554ea47a8d4504e82d1
SSDeep	3072:NqliCXqC8kQqNlZYTtTHLlSH01d9/vkikL/QHrXRWkKR7f9Lvw9BpqNE:NqzzDlZYPKW9nlkL/QLXRy7lLvw9Bpd
ImpHash	-

C:\Users\FD1HVy\Desktop\desktop.ini.Cobra

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	389 Bytes
MD5	cd243e2f124f95d3d181b176fd62d93a
SHA1	1bafaa778536117484d139333a4c18a49e06fdc5
SHA256	a21a681e69d01ed52038de16bd659250ed8c971e67590184aa21c81e1cddc844
SSDeep	6:XuW0BMJx+2NM89h1w1S2mNL173bQKkVyZqDlUr3K1OZFzR9M4pWOmApAfDRQG47h:rPNMy1fvLz3gOZFQBOmAqhuQu
ImpHash	-

C:\Users\FD1HVy\Desktop\dqdSV4kY9.pptx.Cobra

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	177.00 KB
MD5	626bb077a9de25d5c4e97e370e55e9c1
SHA1	89239a3f5f52edfdc1c9d7f00a1f947872a4bbe4
SHA256	30bb1b2a5fa82d344b84579dcc2a281bf967e9af853245611574173cae9f9508
SSDeep	3072:wpLM1fuEeq3eZixjEsLdFjIjP2+KhpxivWIp0HYXCrhPs9nczS6n1hr15U0M:hfFequ6EsjUjP2mWg0hr1AnczS6nDh2x
ImpHash	-

C:\Users\FD1HVy\Desktop\EOfkT_rHDDLu4.wav.Cobra

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	218.85 KB
MD5	5001ec105dadce4e11385dda639dfdc0
SHA1	4b7b2b75b9a3ac390df92feb0af0abe4329ff82a
SHA256	aee6800cf25d7de8b38b9df66ee87f56cc5d01a22937a2a3d6d457212d7f9fb8
SSDeep	6144:skpSCNw3RRBD6R4iBKJfLIIzXlGRC3ALWp:Lw3DC4iBefLIIjluCwKp
ImpHash	-

C:\Users\FD1HVy\Desktop\G1JIgLVEFPxfFron.doc.Cobra

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	106.27 KB
MD5	f5ee0642f665ba41001dcd55f6d611aa
SHA1	8a891c971587a1c33e1d3efea2e2ad5fc70bf66e
SHA256	42e56234dc4aa62934efae3197ee5d55f3b02bffffe2f5496cd8c651d5e6170c
SSDeep	1536:/pCSiNmp9U9CKGk0KH4Rn3mbzF6Rbyyn76Uyi+VKgxdsYmt1enHyY5LCYIx7ASkI:/pcyyhHCyqbyynLyRxQZt1eSEXsEoqs
ImpHash	-

C:\Users\FD1HVy\Desktop\G9ab7E_UM.png.Cobra

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	23.10 KB
MD5	bcd03755841577f80d5ccbcb0e5bc316
SHA1	42ec8ede35fb1fd25d91f99e3ad4e40acab0dddf
SHA256	3a1a2cf9741504af06b5016fa6867a035b4bf8646f3ac29bd4ad407a8348dbf6
SSDeep	384:f2WGb3lcgRHoOfh7clj84DWjVHrTkDLqWm4XYkaAfS+eZ853C/qMyeA+c:f2hb3lcgRRqA5jhrTkDLqWm4oXARA85R
ImpHash	-

C:\Users\FD1HVy\Desktop\GNHCb.mkv.Cobra

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	191.77 KB
MD5	001c5fede353b9b29cd8158b5c357d2c
SHA1	f781a9fab3637af10588a5903853fdb608b64825
SHA256	55a2d42ad58bf5892dd0a4cfd4e10c1922d0ff0521ef1514ffd4d0f0f2bdb2da
SSDeep	3072:h5MF8L8GwAwhiAm8ZjDhhA2UH7tt1rniqRt7FdXi6D91rJskdRmMsp7mZHef8:LbsPZjtqBjJDX7Fdig91jdapKtT
ImpHash	-

C:\Users\FD1HVy\Desktop\HP5W0_xtTy4_IV.jpg.Cobra

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	215.72 KB
MD5	49e44ead7dcfafef6fe885d077d65a78
SHA1	3deab7e94f18f3c9a073aefb8840c98183f303c4
SHA256	6a813a9dfeab42948a56d478e06170b992e48e57a72a6ca589c57f7aec5b9ade
SSDeep	3072:LBZ36tsJLu6czZ8tWRJ9xo66PE7t7d7cYKhmVRg5hli/10MKdMn9z5RZjlMJh5Lr:LBZ3gsJqpT8gd7cYh+ISdMptjKJh5Lr
ImpHash	-

C:\Users\FD1HVy\Desktop\IIi7TDDxZ8.wav.Cobra

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	186.00 KB
MD5	fdafe801ab7c1431cb37d3ba295c682b
SHA1	156fc1cb612d34cecc3261f836d66c1e49928bf9
SHA256	b4017a7f7a76fe95b119bf1886baea841b684e7a57df91ebc8f2d94f386ee430
SSDeep	3072:3wBnuO95d+NMpN2WhEBgYzCoM0l4mU2IkPw3zFz4xQt/wQ9CHtgZy9OlhUVccI9z:3wBnuydBpN2E8Dpl4mBBPwjFz4xyv4HW
ImpHash	-

C:\Users\FD1HVy\Desktop\IUcs1x8V.swf.Cobra

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	87.05 KB
MD5	852740bc80728c847f25782fa266692d
SHA1	4ed852b22f879098ccf7dd12ce0e85fa879d9664
SHA256	e7d78626fd8fc11e424ece2ea5f4cac23099a2053d9d9759a65cf359bf7efae8
SSDeep	1536:WzvgCA8mZNMVl5AigcOJFyXckPmhGX3K6ECPqI6+DIiQz5X3++RtIxxA0ZeArnJT:WzRAtEVl5CJFKckO4a6ECPqIlCtX3+0Q
ImpHash	-

C:\Users\FD1HVy\Desktop\kWAJNH0.wav.Cobra

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	191.39 KB
MD5	7afb65d539f8e2dce64fb44cf842f98d
SHA1	ce044ee84d84b6abe1197f10c736cf07c58f959a
SHA256	5ea9cb31c75910349bbe37e28bacaa3b389b152b08293089a3ae78bd1fec4040
SSDeep	3072:8fiByIXTj/Lq1zIdcl5tnhsuJt7x2AXoYrkT6ozCcZNsJ0iQeO5pOkGBlp70HEBv:8fWHDjLUIdclOuJtoAXoYMOcbMRMOkqn
ImpHash	-

C:\Users\FD1HVy\Desktop\lgm4cLHmP1c_TDDe-f J.avi.Cobra

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	182.03 KB
MD5	98685debdf722e2c9886df51c9ca1c07
SHA1	d971ef89098b88583e5ff7e8c5f5a9211741923c
SHA256	e3ff148848079f0ef39ea8b278bd88bb4c58504341b0a7c3caf6955bc453c0da
SSDeep	3072:m9mugOlxjp24p7otqAoLvc5bS4ONycy4ontyQtG5YJwbtHala4HGca/K7Xz2os2C:m9XVxQZIArbh7c3ozUtUa4mcaiWoYNO2
ImpHash	-

C:\Users\FD1HVy\Desktop\mUsss9M.m4a.Cobra

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	8.19 KB
MD5	e4b4e4ae7433aee17f88c939a3dc654d
SHA1	6c59e83c1918a30046ae74f145bb5ac14ac7b348
SHA256	82832e9c13e9bddbde71a02074c59b54fd8e1050d5f8258a2bcbb612fe71b209
SSDeep	192:RQ248M9TTbpEqcgfxic1HL4EC+u8WbUJ3AN68MittTpXYubM1:cz1EqpQc9L4EOfb03AN3Kubg
ImpHash	-

C:\Users\FD1HVy\Desktop\q KD9Zan-WxpTnH.avi.Cobra

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	97.54 KB
MD5	91ce595ab0198b360912f239fdeed3b9
SHA1	08c38ccfc4cf2c0b7311f871367384f32e9c3ad3
SHA256	3c70651f14321faad3b9f0c70bc6144cb313a371835680dede4d8411d6cac585
SSDeep	3072:r8NKy1ohaly3bHbaR9da1c/r8yVUvpOvcj0VgvwVz:g4halSHband9/r8yV0pWfz
ImpHash	-

C:\Users\FD1HVy\Desktop\Q0E9HxM mfXEN.gif.Cobra

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	232.87 KB
MD5	ec1ded093747c05b9d9af811ec0f0281
SHA1	37646636a88feb59c5b2f9b296db385e52a9dfab
SHA256	00ee8af7fc3108c5269484e3507b04ee83dd1b7f5de2567679048865ccb97fb0
SSDeep	6144:XdTCO14Gmp1Qm8d7kpX19nUMUdSPW7kc/1jLQ8wG8IIro+Tt:XaGmp1Q9do51eMUdS+QyZiTkYt
ImpHash	-

There are no files for this filter

There are no files in this analysis

WHOIS Domain Information

Before

After