Behavioral task: behavioral1
Sample: d36766cbc149d7f79654d2810ffe2fd3b1a6487fe3aff6ff010e664b60493cf0.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: d36766cbc149d7f79654d2810ffe2fd3b1a6487fe3aff6ff010e664b60493cf0.exe
Resource: win10v2004-20230220-en
General
- Target: d36766cbc149d7f79654d2810ffe2fd3b1a6487fe3aff6ff010e664b60493cf0
- Size: 232KB
- MD5: 58bf7e6a9610cd419ea46c1490cd7742
- SHA1: 08ca48c0f25d8f27dec0008c53fc96d63cb37799
- SHA256: d36766cbc149d7f79654d2810ffe2fd3b1a6487fe3aff6ff010e664b60493cf0
- SHA512: ae51763f10c22efcc639d825518b4f246e1a3ef6b699dafb0b978077d2aeb399f772adec3d233e61f60a23be9c547c463c3e3d01239b3d07b7066a7edeeff59b
- SSDEEP: 6144:zpjedkDkjYkSQkKq5CecUgNLvvkauWRwM:1jedsP5Cwg15RwM
Malware Config
Signatures
- Clop family
- Detects Clop payload (1 IoCs)
Processes:
resource: sample, yara_rule: family_clop
- Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Processes:
resource: d36766cbc149d7f79654d2810ffe2fd3b1a6487fe3aff6ff010e664b60493cf0
Files
- d36766cbc149d7f79654d2810ffe2fd3b1a6487fe3aff6ff010e664b60493cf0.exe (windows x86) 2d897334e5a0b92447a2b50caea5e0a5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateFileMappingW
MapViewOfFile
GetTickCount
GlobalUnlock
lstrcmpW
SizeofResource
HeapFree
SetPriorityClass
GetCurrentProcess
TerminateProcess
GetModuleFileNameW
GetSystemTimes
LeaveCriticalSection
CreateMutexW
lstrlenA
GetModuleHandleA
GetACP
OpenProcess
GetCommandLineA
CreateToolhelp32Snapshot
CreateEventW
Sleep
GetLastError
Process32NextW
SetEvent
LockResource
lstrcpyW
LoadResource
FindResourceW
lstrcpyA
WriteConsoleW
ExitProcess
LCMapStringW
GetCurrentProcessId
UnhandledExceptionFilter
GetProcessHeap
lstrcmpiW
GetDriveTypeW
LoadLibraryExW
GetModuleHandleW
SetFilePointerEx
ReadConsoleW
SetEndOfFile
DecodePointer
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetStringTypeW
SetStdHandle
GlobalLock
CreateThread
CloseHandle
Process32FirstW
GlobalFree
GlobalAlloc
lstrcatW
SetFileAttributesW
ExitThread
UnmapViewOfFile
CreateFileW
WaitForSingleObject
FindClose
SetFilePointer
SetErrorMode
VirtualAlloc
WriteFile
lstrlenW
FindNextFileW
FreeEnvironmentStringsW
VirtualFree
FindFirstFileW
HeapAlloc
ReadFile
GetEnvironmentStringsW
GetCommandLineW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetFileType
GetModuleHandleExW
WideCharToMultiByte
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
SetLastError
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
RaiseException
GetStdHandle
MultiByteToWideChar
user32
CharUpperW
wsprintfW
CharUpperBuffW
advapi32
SetServiceStatus
GetTokenInformation
LookupAccountSidW
DuplicateTokenEx
RevertToSelf
CryptAcquireContextW
CryptEncrypt
RegisterServiceCtrlHandlerW
OpenProcessToken
CreateProcessAsUserW
StartServiceCtrlDispatcherW
mpr
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
shlwapi
StrStrW
PathFindFileNameW
crypt32
CryptStringToBinaryA
CryptImportPublicKeyInfo
CryptDecodeObjectEx
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
wtsapi32
WTSEnumerateSessionsW
WTSFreeMemory
WTSQuerySessionInformationW
WTSQueryUserToken
rstrtmgr
RmRestart
RmStartSession
RmShutdown
RmEndSession
RmRegisterResources
RmGetList
Sections
- .text Size: 114KB - Virtual size: 114KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
- .rdata Size: 27KB - Virtual size: 26KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
- .data Size: 2KB - Virtual size: 12KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
- .rsrc Size: 75KB - Virtual size: 75KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
- .reloc Size: 11KB - Virtual size: 11KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ