CRYPTOWALL[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

CRYPTOWALL.zip
Size

100KB
MD5

0698f51e0f457a933a4529fc42c94b2c
SHA1

e1723cfc9bdf95d05333e9a9be19eeebf9ff1bf3
SHA256

3dc5d48d6922de1310fb9dd53efb108f834b1bee43326839400ecb0f8554c5bb
SHA512

292e98997da5583130c275815e8f02ea2abf3b3b138a573f9ec4e381c40853c5d407a09b21b2ba6c608b19eeee816a22c69c6ff2a83cf2b9c1a89cd1fb550c77
SSDEEP

3072:foa7hV2GCyEHqQ6WsmodAJcRlggtttzPdU:37hVh3EX6WjodAORlnpdU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CRYPTOWALL/cryptowall.bin

Files

CRYPTOWALL.zip
.zip

Password: infected
CRYPTOWALL/cryptowall.bin
.exe windows:5 windows x86 arch:x86

Password: infected

edbc0337cc897a187d263d79c09c15c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EnableMenuItem
GetDlgItem
SendDlgItemMessageA
AppendMenuA
GetWindowLongA
wvsprintfA
SetWindowPos
FindWindowA
RedrawWindow
GetWindowTextA
EnableWindow
GetSystemMetrics
IsWindow
CheckRadioButton
UnregisterClassA
SetCursor
GetSysColorBrush
DialogBoxParamA
DestroyAcceleratorTable
DispatchMessageA
TranslateMessage
LoadIconA
EmptyClipboard
SetClipboardData
SetFocus
CharUpperA
OpenClipboard
IsDialogMessageA
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
RemoveMenu
InvalidateRect
ChildWindowFromPoint
PostMessageA
DestroyCursor
CreateDialogParamA
GetWindowRect
IsMenu
GetSubMenu
SetDlgItemInt
GetWindowPlacement
CharLowerBuffA
LoadCursorA
CheckMenuRadioItem
GetSysColor
KillTimer
DestroyIcon
DestroyWindow
PostQuitMessage
GetClientRect
MoveWindow
GetSystemMenu
SetTimer
SetWindowPlacement
InsertMenuItemA
GetMenu
CheckMenuItem
SetMenuItemInfoA
SetActiveWindow
DefDlgProcA
RegisterClassA
EndDialog
SetDlgItemTextA
EnumClipboardFormats
GetClipboardData
CloseClipboard
GetClassInfoA
CallWindowProcA
SetWindowLongA
IsDlgButtonChecked
SetWindowTextA
CheckDlgButton
GetActiveWindow
MessageBoxA
wsprintfA
GetDlgItemTextA
SendMessageA
GetCursorPos
TrackPopupMenu
ClientToScreen
DestroyMenu
CreatePopupMenu

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegSetValueA
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegCloseKey
RegCreateKeyA
RegDeleteKeyA
GetUserNameA

dbghelp

ImageNtHeader
ImageRvaToSection
ImageRvaToVa

comctl32

ImageList_Destroy
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Remove
CreateToolbarEx
ImageList_SetBkColor
ImageList_Create

kernel32

IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapFree
VirtualFree
HeapCreate
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
EnterCriticalSection
HeapSize
LeaveCriticalSection
DeleteCriticalSection
GetLocaleInfoA
WriteFile
InterlockedDecrement
GetLastError
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
ExitProcess
GetProcAddress
Sleep
GetModuleHandleW
GlobalCompact
SetProcessWorkingSetSize
EncodePointer
OpenProcess
GlobalUnWire
GetStdHandle
IsWow64Process
GetProcessHandleCount
GetProcessHeap
FlushFileBuffers
PulseEvent
GetVersion
RtlUnwind
HeapAlloc
VirtualAlloc
HeapReAlloc
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetCommandLineA
GetProcessId
LockResource
GlobalDeleteAtom
LCMapStringA
LCMapStringW
GetModuleFileNameA
SetProcessPriorityBoost
GlobalUnfix
RequestWakeupLatency
IsProcessInJob
GetThreadTimes
GetProcessTimes
PeekNamedPipe

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 51.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

edbc0337cc897a187d263d79c09c15c7

Headers

DLL Characteristics

File Characteristics

Imports

user32

comdlg32

advapi32

dbghelp

comctl32

kernel32

Sections

.text Size: 34KB - Virtual size: 33KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 104KB - Virtual size: 51.8MB

.rsrc Size: 90KB - Virtual size: 90KB

.text
Size: 34KB - Virtual size: 33KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 104KB - Virtual size: 51.8MB

.rsrc
Size: 90KB - Virtual size: 90KB