2024-05-13_ce832ca2cf031964dfe5119521d35f02_cryptolocker | Triage

Sharing

General

Target

2024-05-13_ce832ca2cf031964dfe5119521d35f02_cryptolocker
Size

24KB
MD5

ce832ca2cf031964dfe5119521d35f02
SHA1

65a6556c86d962f35b1a5fec8d59a3a0483e00a8
SHA256

8f9a45254bc58771c9a4b0431d58b1b88d04774bed8017f5a4ac7c76b60a8c8b
SHA512

5ae11b37f32fa00256822ae2a08bdcff7ff6283df4d75a2aff176f7f39539632ec5baa200af14eea9e176a30b94dde281ed1d1dd810e859ac0fb5351544f3cbb
SSDEEP

384:bVCPwFRuFn65arz1ZhdaXFXSCVQTLfjDp6HnpF:bVCPwFRo6CpwXFXSqQXfjAH7

Score

10^/10

upx

Malware Config

Signatures

Detection of CryptoLocker Variants 2 IoCs

resource	yara_rule
sample	CryptoLocker_rule2
static1/unpack001/out.upx	CryptoLocker_rule2

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
2024-05-13_ce832ca2cf031964dfe5119521d35f02_cryptolocker
unpack001/out.upx

Files

2024-05-13_ce832ca2cf031964dfe5119521d35f02_cryptolocker
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ