2024-04-30_d11a38a63999b1c701735c435a3681be_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-30_d11a38a63999b1c701735c435a3681be_cryptolocker
Size

23KB
MD5

d11a38a63999b1c701735c435a3681be
SHA1

e41d0bac928621a6f6d0441ed10d8842e4c280e0
SHA256

ed8918e29bcaf97ab995fc26dfd606e7c290f858cca6ffd40f69c667f29058c5
SHA512

a4609dce7336c4b973434d0553f6435ed32cc617a6b8559fa9191f1d93d7ca32a2f919372ab6439f8c4bd85a8e530a4170b428a0fa595cd23720987217a87e15
SSDEEP

384:bVCPwFRuFn65arz1ZhdaXFXSCVQTLfjDp6Hnpz:bVCPwFRo6CpwXFXSqQXfjAHN

Score

10^/10

upx

Malware Config

Signatures

Detection of CryptoLocker Variants 2 IoCs

resource	yara_rule
sample	CryptoLocker_rule2
static1/unpack001/out.upx	CryptoLocker_rule2

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
2024-04-30_d11a38a63999b1c701735c435a3681be_cryptolocker
unpack001/out.upx

Files

2024-04-30_d11a38a63999b1c701735c435a3681be_cryptolocker
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ