Msys-crypto-3.dll Trojan Sabsik Analysis
Technical Analysis
| File Name | msys-crypto-3.dll |
| File Type |
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
| Scanner Version | 1.0.234.174 |
| Database Version | 2026-01-18 01:00:15 UTC |
Ransom.Win64.Sabsik.oa!s1
Malware family: Sabsik
Scan Another File
File Identification
| Hash Type | Value | Action |
|---|---|---|
| MD5 |
7f75cede42d3d56b3f898f966bee8a05
|
|
| SHA1 |
42294ff9369aea4d310a3979ad05717a156cdc25
|
|
| SHA256 |
d8d2dbe38d254107ce671bff25b62d3ede867e233d38045aacd661ad65b9370a
|
|
| SHA512 |
8750c937664a3cbd3cd5ad23163d918d310db7dd2370a9e606a7ee089e8699e77a59fa1bd1846892bf296ba5f1e32153b3a82ef0cb3bf0f465b9748e4d2aafb2
|
|
| ImpHash |
ec03c4f970d8fb1ce62ff69b5a87a51c
|
PE Analysis
Basic Information
▼| Image Base | 0x2bb160000 |
| Entry Point | 0x2bb1611f0 |
| Compilation Time | 2023-08-19 12:34:25 |
| Checksum | 0x00189703 (Actual: 0x0018e815) |
| OS Version | 4.0 |
| PEiD Signatures |
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
| Digital Signature | No valid SignedData structure was found. |
| Imports |
2 libraries
KERNEL32, msvcrt |
| Exports | 267 functions |
| Resources | 2 Resources |
| Sections | 11 Sections |
Version Information
▼| CompanyName | IceSummitMega Team |
| FileDescription | Complete Compiler Accounting Door |
| FileVersion | 19.3.45.521 |
| InternalName | input_medical |
| LegalCopyright | 2019 IceSummitMega Team. All Rights Reserved. |
| OriginalFilename | input_medical.dll |
| ProductName | ShadowProtector |
| ProductVersion | 28.33.457.9261 |
| Translation | 0x0409 0x04b0 |
PE Sections
▼| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
34,384 bytes | 34,816 bytes | 5.93 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
5E4A1685A6260F2FB66E11A56EED1C37 |
.data |
0x0000a000 |
240 bytes | 512 bytes | 0.66 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
9952E6E32089F2F46D52E65539019671 |
.rdata |
0x0000b000 |
1,518,792 bytes | 1,519,104 bytes | 4.02 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
95BD6290370B903103628924FEF4F465 |
.pdata |
0x0017e000 |
4,584 bytes | 4,608 bytes | 4.66 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
583F4E02BCE71FF75E3199225210CACB |
.xdata |
0x00180000 |
2,452 bytes | 2,560 bytes | 2.74 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
66B15CDFF589986E4DED720187D2CB25 |
.bss |
0x00181000 |
272 bytes | 0 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.edata |
0x00182000 |
7,812 bytes | 8,192 bytes | 5.55 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
12657FACCCDC261104CA90DABD92290A |
.idata |
0x00184000 |
1,116 bytes | 1,536 bytes | 3.20 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
192C3FBEB25C71BF4F7C17A32B73936F |
.tls |
0x00185000 |
16 bytes | 512 bytes | 0.00 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
BF619EAC0CDF3F68D496EA9344137E8B |
.rsrc |
0x00186000 |
1,368 bytes | 1,536 bytes | 3.82 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
C2D9FB92E95822BFA3CDA9314C7760CF |
.reloc |
0x00187000 |
72 bytes | 512 bytes | 1.00 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
E3E98E54B195B5FCBEC26F9637F0F24F |
Resource Analysis
▼| Resource Type | Count | Total Size | Percentage |
|---|---|---|---|
| RT_VERSION | 1 | 852 bytes | |
| RT_MANIFEST | 1 | 346 bytes |
Certificate Chain Analysis
▼No Digital Signatures
This file is not digitally signed.
Security Implications:
- Cannot verify the publisher's identity
- Increased security risk when running this file
- May trigger security warnings on some systems
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
Certificate Verification Status
No valid SignedData structure was found.
Recommendation: Verify the file source and ensure it comes from a trusted publisher.
Ransom.Win64.Sabsik.oa!s1 Removal
Gridinsoft has the capability to identify and eliminate Ransom.Win64.Sabsik.oa!s1 without requiring further user intervention.
Download Anti-MalwareRemoval Instructions
Follow these steps to completely remove the threat from your system
-
Start by downloading Gridinsoft Anti-Malware to your computer.
-
Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
-
Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
-
Click on the "Standard Scan" button to begin scanning your computer for threats.
-
After the scanning process is finished, click on "Clean Now" to remove any detected threats.
-
If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Leave a Comment
Gridinsoft Anti-Malware
Stay Malware-Free: Keep Your PC Protected with Gridinsoft Anti-Malware
Gridinsoft Anti-Malware offers just that—peace of mind with a robust, user-friendly solution that’s constantly updated to combat the latest threats. Designed by cybersecurity experts, it provides real-time protection and effortless malware removal. It’s not just about detecting threats; it's about enhancing your digital life with uninterrupted security. Give it a try and experience what it feels like to browse worry-free!
