General

Malware Config

Signatures

Files

• 2024-06-27_6d50275da10f1aceaff97fd152fa6cbd_gandcrab

  .exe windows:5 windows x86 arch:x86

  40306b615af659fc1f93cfb121cc38d9

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  SetFilePointer

  GetFileAttributesW

  ReadFile

  GetLastError

  MoveFileW

  lstrcpyW

  SetFileAttributesW

  CreateMutexW

  GetDriveTypeW

  VerSetConditionMask

  WaitForSingleObject

  GetTickCount

  InitializeCriticalSection

  OpenProcess

  GetSystemDirectoryW

  TerminateThread

  Sleep

  TerminateProcess

  VerifyVersionInfoW

  WaitForMultipleObjects

  DeleteCriticalSection

  ExpandEnvironmentStringsW

  lstrlenW

  SetHandleInformation

  lstrcatA

  MultiByteToWideChar

  CreatePipe

  lstrcmpiA

  Process32NextW

  CreateToolhelp32Snapshot

  LeaveCriticalSection

  EnterCriticalSection

  FindFirstFileW

  lstrcmpW

  FindClose

  FindNextFileW

  GetNativeSystemInfo

  GetComputerNameW

  GetDiskFreeSpaceW

  GetWindowsDirectoryW

  GetVolumeInformationW

  LoadLibraryA

  lstrcmpiW

  VirtualFree

  CreateThread

  CloseHandle

  lstrcatW

  CreateFileMappingW

  ExitThread

  CreateFileW

  GetModuleFileNameW

  WriteFile

  GetModuleHandleW

  UnmapViewOfFile

  MapViewOfFile

  GetFileSize

  GetEnvironmentVariableW

  lstrcpyA

  GetModuleHandleA

  VirtualAlloc

  Process32FirstW

  GetTempPathW

  GetProcAddress

  GetProcessHeap

  HeapFree

  HeapAlloc

  lstrlenA

  CreateProcessW

  ExitProcess

  IsProcessorFeaturePresent

  user32

  wsprintfW

  TranslateMessage

  RegisterClassExW

  LoadIconW

  SetWindowLongW

  EndPaint

  BeginPaint

  LoadCursorW

  GetMessageW

  ShowWindow

  CreateWindowExW

  SendMessageW

  DispatchMessageW

  DefWindowProcW

  UpdateWindow

  GetForegroundWindow

  DestroyWindow

  gdi32

  TextOutW

  advapi32

  CryptExportKey

  AllocateAndInitializeSid

  RegSetValueExW

  RegCreateKeyExW

  RegCloseKey

  CryptAcquireContextW

  CryptGetKeyParam

  CryptReleaseContext

  CryptImportKey

  CryptEncrypt

  CryptGenKey

  CryptDestroyKey

  GetUserNameW

  RegQueryValueExW

  RegOpenKeyExW

  FreeSid

  shell32

  SHGetSpecialFolderPathW

  ShellExecuteExW

  ShellExecuteW

  crypt32

  CryptStringToBinaryA

  CryptBinaryToStringA

  wininet

  InternetCloseHandle

  HttpAddRequestHeadersW

  HttpSendRequestW

  InternetConnectW

  HttpOpenRequestW

  InternetOpenW

  InternetReadFile

  psapi

  EnumDeviceDrivers

  GetDeviceDriverBaseNameW

  Sections

  .text

  Size: 32KB - Virtual size: 32KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 33KB - Virtual size: 36KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .data

  Size: 3KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .CRT

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 3KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .xObf

  Size: 72KB - Virtual size: 71KB

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE