2024-04-23_9fa406cb890941f44ab85898ea7a7522_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-23_9fa406cb890941f44ab85898ea7a7522_cryptolocker
Size

23KB
MD5

9fa406cb890941f44ab85898ea7a7522
SHA1

b9c1a4729d41690b12cd1280c7c94df3ae05412c
SHA256

efc97fed1fbb2ce1d186749eef563014dee8ac00d1f9054be1f6db22d731dd13
SHA512

9e15a72bad03e02fff47119bd039322981f88344989ac73b2714fd76fe994b5ced2aa4553c39d620f9715a99bd8b7ff303b37cabb18663782f7257362bad55c0
SSDEEP

384:bVCPwFRuFn65arz1ZhdaXFXSCVQTLfjDp6HnVW:bVCPwFRo6CpwXFXSqQXfjAHY

Score

10^/10

upx

Malware Config

Signatures

Detection of CryptoLocker Variants 2 IoCs

resource	yara_rule
sample	CryptoLocker_rule2
static1/unpack001/out.upx	CryptoLocker_rule2

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
2024-04-23_9fa406cb890941f44ab85898ea7a7522_cryptolocker
unpack001/out.upx

Files

2024-04-23_9fa406cb890941f44ab85898ea7a7522_cryptolocker
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ