Behavioral task
behavioral1
Sample
2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
Resource
win10v2004-20240226-en
General
-
Target
2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
-
Size
163KB
-
MD5
c1aeba6369a3615061f44778021f6b42
-
SHA1
d5e40b2f91be6e95891a6f3e111f6a00f448de27
-
SHA256
357908d9f3abf01fcc8d4d3527483d5b9993cd1f70d7af2897ed313f05a39d97
-
SHA512
9e4bb49a5230ad624b9224b1f17e4da18345a9c7fece9299035986fc453b7f61c83d2a72486a8f7b674a14575107cf6d661f28709f9aef0450199c2cc3b8edd3
-
SSDEEP
3072:YHgTPOOwUJRymLMT+2eVyY1+ly6MkCSU2jgPqS01LpTLAwqsonnqBKLtYMlDJ+:YHgCfn7js6Zjg+Qfe0
Malware Config
Signatures
-
UPX dump on OEP (original entry point) 1 IoCs
resource yara_rule sample UPX -
resource yara_rule sample upx -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource 2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock unpack001/out.upx
Files
-
2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 64KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 157KB - Virtual size: 160KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 206KB - Virtual size: 206KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE