Static | ZeroBOX

PE Compile Time

2023-07-13 01:14:00

PDB Path

C:\Users\jose\proyectos\ransomware\update.pdb

Sections

Name     Virtual Address   Virtual Size   Size of Raw Data   Entropy
.text    0x00001000        0x000011bc     0x00001200         5.99183114373
.rdata   0x00003000        0x000011a6     0x00001200         4.27427672108
.data    0x00005000        0x00000680     0x00000200         0.770461938824
.pdata   0x00006000        0x000001a4     0x00000200         3.06150075818
.rsrc    0x00007000        0x00002348     0x00002400         7.7996510862
.reloc   0x0000a000        0x00000030     0x00000200         0.193146577561

!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
L$ SVWH
u/HcH<H
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; NzT)
219[.]90.112.203
type=%d&guid=%s&os=%d&arch=%d&username=%s
Oooops, your files have been encrypted!
RU exit.
UKR exit.
MD exit.
RO exit.
BY exit.
AM exit.
KZ exit.
C:\Users\jose\proyectos\ransomware\update.pdb
.text$mn
.text$mn$00
.text$x
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIZ
.CRT$XPA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$voltmd
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata
.idata$2
.idata$3
.idata$4
.idata$6
.pdata
.rsrc$01
.rsrc$02
GetUserGeoID
KERNEL32.dll
wsprintfA
USER32.dll
InternetOpenUrlW
InternetOpenW
InternetCloseHandle
WININET.dll
__C_specific_handler
__current_exception
__current_exception_context
memset
VCRUNTIME140.dll
__acrt_iob_func
__stdio_common_vfprintf
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
_set_fmode
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-locale-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
memcpy
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Antivirus Signature
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (moderate confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh Clean
ALYac Clean
Cylance Clean
Zillya Clean
CrowdStrike win/malicious_confidence_90% (D)
Alibaba Clean
K7GW Clean
K7AntiVirus Clean
huorong Clean
Baidu Clean
VirIT Clean
Paloalto Clean
Symantec Clean
tehtris Clean
ESET-NOD32 Clean
APEX Malicious
Avast Clean
Cynet Clean
Kaspersky Clean
BitDefender Gen:Heur.Bodegun.23
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Heur.Bodegun.23
Tencent Clean
Sophos Clean
F-Secure Clean
DrWeb Clean
VIPRE Gen:Heur.Bodegun.23
TrendMicro Clean
McAfeeD Clean
Trapmine suspicious.low.ml.score
CTX exe.trojan.bodegun
Emsisoft Gen:Heur.Bodegun.23 (B)
Ikarus Win32.Outbreak
FireEye Gen:Heur.Bodegun.23
Jiangmin Clean
Webroot Clean
Varist Clean
Avira Clean
Fortinet Clean
Antiy-AVL Trojan[Ransom]/Win32.Dcrypt.a
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Bodegun.23
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Sabsik.FL.A!ml
Google Clean
AhnLab-V3 Clean
Acronis Clean
McAfee Artemis!685A9BAABB03
TACHYON Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Clean
Yandex Clean
SentinelOne Static AI - Suspicious PE
MaxSecure Clean
GData Gen:Heur.Bodegun.23
AVG Clean
DeepInstinct MALICIOUS
alibabacloud Clean
No IRMA results available.