Ransom exe Ransomware HydraCrypt File Malware Analysis: 768e86ceb8d6d2eb2aa19f2853819d82

Ransom.exe Ransomware HydraCrypt Analysis

Updated 1 year ago

Checked by Malaware Check

ransom.exe

Hash Type	Value	Action
MD5	768e86ceb8d6d2eb2aa19f2853819d82
SHA1	b36371f518a0f82a7debd4140a3309245819b2da
SHA256	3cf6a9a95f0e4237aa4c80b67922fc3f4d0e2bf9f15830c0333b910df8cbe834
SHA512	c62e29064134ce427cb7a6a8c3eebe12f276107f3fcf5298e06b935e2c301436fd2a931efaf0dcc744fc70e8d255a6362646de50bb63f5899b222f08ccd64dfe
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

Hash Type

Value

Action

MD5

768e86ceb8d6d2eb2aa19f2853819d82

SHA1

b36371f518a0f82a7debd4140a3309245819b2da

SHA256

3cf6a9a95f0e4237aa4c80b67922fc3f4d0e2bf9f15830c0333b910df8cbe834

SHA512

c62e29064134ce427cb7a6a8c3eebe12f276107f3fcf5298e06b935e2c301436fd2a931efaf0dcc744fc70e8d255a6362646de50bb63f5899b222f08ccd64dfe

ImpHash

f34d5f2d4577ed6d9ceec516c1f5a744

PE Analysis

Basic Information

▼

Image Base	`0x00400000`
Entry Point	`0x00406fee`
Compilation Time	2023-08-22 17:44:35
Checksum	0x00000000 (Actual: 0x00013ef9)
OS Version	4.0
PEiD Signatures	`PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows`
Digital Signature	The PE file does not contain a certificate table.
Imports	1 libraries mscoree
Exports	0 functions
Resources	2 Resources
Sections	3 Sections

Version Information

▼

Translation	0x0000 0x04b0
FileDescription
FileVersion	0.0.0.0
InternalName	ransom.exe
LegalCopyright
OriginalFilename	ransom.exe
ProductVersion	0.0.0.0
Assembly Version	0.0.0.0

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00002000`	20,468 bytes	20,480 bytes	5.35 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`5F888C6783C72E1BE3F9B974254731DF`
`.rsrc`	`0x00008000`	1,240 bytes	1,536 bytes	3.69 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`2E0C24B7262AEEE0E5CC02F87CC40407`
`.reloc`	`0x0000a000`	12 bytes	512 bytes	0.08 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`5AFEF967DCB8CFDF39822E3165C66C07`

Resource Analysis

▼

Total Resources: 2 (1,070 bytes)

Resource Type	Count	Total Size	Percentage
RT_VERSION	1	580 bytes	54.2%
RT_MANIFEST	1	490 bytes	45.8%

Certificate Chain Analysis

▼

No Digital Signatures

This file is not digitally signed.

Security Implications:

Cannot verify the publisher's identity
Increased security risk when running this file
May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Removal Instructions

Follow these steps to completely remove the threat from your system

Start by downloading Gridinsoft Anti-Malware to your computer.
Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
Click on the "Standard Scan" button to begin scanning your computer for threats.
After the scanning process is finished, click on "Clean Now" to remove any detected threats.
If prompted, restart your system to complete the removal process and ensure all threats are eliminated.

Important: Before You Start

Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

File Name	ransom.exe
File Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Scanner Version	1.0.138.174
Database Version	2023-09-11 00:01:37 UTC

Ransom.exe Ransomware HydraCrypt Analysis

Technical Analysis

Ransom.Win32.HydraCrypt.sa

Scan Another File

File Identification