Static task
static1
Behavioral task
behavioral1
Sample
2024-05-22_25edd43f54612e7e9f2ae024bb6dbbba_cryptolocker.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-05-22_25edd43f54612e7e9f2ae024bb6dbbba_cryptolocker.exe
Resource
win10v2004-20240508-en
General
-
Target
2024-05-22_25edd43f54612e7e9f2ae024bb6dbbba_cryptolocker
-
Size
57KB
-
MD5
25edd43f54612e7e9f2ae024bb6dbbba
-
SHA1
4dd88058ad4829f9ec1ea22837b36915c10817c8
-
SHA256
ac3df1a34c08b948ba9ba59c29e8608007d1dd9ccf0edb13ec163c2f07274e7d
-
SHA512
9ad0753877984d603826da4c397c5f1f236ff493e838da3b356e1919c7d78e9b2fc7bbf6c5d4c9003430c7becbc7d5011261cacb93b46f6b90c5ea453acfb9d1
-
SSDEEP
1536:qmbhXDmjr5MOtEvwDpj5cDtKkQZQRKb6ImpyR:BbdDmjr+OtEvwDpjM+
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
Processes:
resource yara_rule sample CryptoLocker_rule2 -
UPX dump on OEP (original entry point) 1 IoCs
Processes:
resource yara_rule sample UPX -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 2024-05-22_25edd43f54612e7e9f2ae024bb6dbbba_cryptolocker
Files
-
2024-05-22_25edd43f54612e7e9f2ae024bb6dbbba_cryptolocker.exe windows:5 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
bUItIFMf Size: - Virtual size: 36KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
QNhjSkbP Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE