A forum for reverse engineering, OS internals and malware analysis 

Ask your beginner questions here.
 #29286  by r00tMe
 Thu Sep 29, 2016 11:03 pm
I am trying to analyze a ransomware which is not packed; this is ensured by using the PEiD and ExeInfo packer detectors, and mostly ensured by checking the sections of that malware. All normal sections.

That file has imports in the import section but does not have any code/text section, nor any functions except the start function.
I provided screenshots below, please help.
Thanks
Rootme

Image

Image
 #29288  by sysopfb
 Fri Sep 30, 2016 12:57 am
Can you attach a sample?

Just because PEiD and exeinfo do not detect it to be packed or crypted does not mean it is not packed; it just means it's not packed with a packer/crypter that has been signatured.
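The point in the reply above, as an added example that is not part of the original thread: a signature-free check that parses the PE section table and reports structural hints of packing. The function names, the 7.0 entropy cut-off and the constructed sample image are assumptions of this example.

```python
import math
import struct
from collections import Counter

EXEC, WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_EXECUTE / IMAGE_SCN_MEM_WRITE

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; packed or encrypted data approaches 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def sections(pe: bytes):
    """Yield (name, entropy, raw_size, flags, holds_entry_point) per section."""
    off = struct.unpack_from("<I", pe, 0x3C)[0]              # e_lfanew
    if pe[:2] != b"MZ" or pe[off:off + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    count, opt_size = struct.unpack_from("<H12xH", pe, off + 6)
    entry = struct.unpack_from("<I", pe, off + 40)[0]        # AddressOfEntryPoint
    for i in range(count):
        name, vsize, va, rsize, rptr, flags = struct.unpack_from(
            "<8sIIII12xI", pe, off + 24 + opt_size + 40 * i)
        holds_ep = va <= entry < va + max(vsize, rsize)
        yield (name.rstrip(b"\0").decode("latin-1"),
               entropy(pe[rptr:rptr + rsize]), rsize, flags, holds_ep)

def packing_indicators(pe: bytes) -> list:
    """Signature-free hints that a file is packed; hints, not proof."""
    hits = []
    for name, ent, rsize, flags, holds_ep in sections(pe):
        if ent > 7.0:  # assumed cut-off for this example
            hits.append(f"{name}: high entropy ({ent:.2f} bits/byte)")
        if holds_ep and flags & WRITE:
            hits.append(f"{name}: entry point in a writable section")
        if rsize == 0 and flags & EXEC:
            hits.append(f"{name}: executable but empty on disk")
    return hits

def build_sample() -> bytes:
    """Constructed two-section PE image (not a real sample) used as input."""
    payload = bytes(range(256)) * 2                          # 512 bytes, entropy 8.0
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)         # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, 0x2000).ljust(224, b"\0")
    sec = lambda *f: struct.pack("<8sIIII12xI", *f)
    table = (sec(b".code", 0x1000, 0x1000, 0, 0, 0xE0000020)
             + sec(b".stub", 0x200, 0x2000, 0x200, 0x200, 0xE0000040))
    return (dos + b"PE\0\0" + coff + opt + table).ljust(0x200, b"\0") + payload

if __name__ == "__main__":
    print("\n".join(packing_indicators(build_sample())))
```

An empty result does not show a file is unpacked either; it only means none of these three heuristics fired.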
 #29297  by r00tMe
 Fri Sep 30, 2016 2:29 am
sysopfb wrote: Can you attach a sample?

Just because PEiD and exeinfo do not detect it to be packed or crypted does not mean it is not packed; it just means it's not packed with a packer/crypter that has been signatured.
How to unpack Qadas malware? It's similar to this malware!
Thanks