Behavioral task
behavioral1
Sample
2024-06-01_9d0a2f749759db1384ceb39e90785f0f_cryptolocker.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2024-06-01_9d0a2f749759db1384ceb39e90785f0f_cryptolocker.exe
Resource
win10v2004-20240508-en
General
-
Target
2024-06-01_9d0a2f749759db1384ceb39e90785f0f_cryptolocker
-
Size
24KB
-
MD5
9d0a2f749759db1384ceb39e90785f0f
-
SHA1
d3f0e753a92f91910a2faa9bc6d96ebcb8c89871
-
SHA256
d13e403c9344d4de6fe9c1815e3880013b0e81d0b9fdee914c0459492f3c025c
-
SHA512
19cfa8127b3aa665acb5ef73b2fad200e4d65d2c08113b0da82a00373aa1012658468851357b7690950d0149a2e640b6ec08d0b1c57f87f787daa88680fe06cc
-
SSDEEP
384:bVCPwFRuFn65arz1ZhdaXFXSCVQTLfjDp6HMmHB/:bVCPwFRo6CpwXFXSqQXfjAsmHB/
Malware Config
Signatures
-
Detection of CryptoLocker Variants 2 IoCs
resource yara_rule sample CryptoLocker_rule2 static1/unpack001/out.upx CryptoLocker_rule2 -
UPX dump on OEP (original entry point) 1 IoCs
resource yara_rule sample UPX -
resource yara_rule sample upx -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource 2024-06-01_9d0a2f749759db1384ceb39e90785f0f_cryptolocker unpack001/out.upx
Files
-
2024-06-01_9d0a2f749759db1384ceb39e90785f0f_cryptolocker.exe windows:5 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 28KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 11KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:5 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ