2024-06-04_e476c91398ef97ffc44383ddb2817d34_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-04_e476c91398ef97ffc44383ddb2817d34_cryptolocker
Size

35KB
MD5

e476c91398ef97ffc44383ddb2817d34
SHA1

9873e7381ca015858bc6f4a6afe48c852c6a2a55
SHA256

aae20d958e15d9e78a9854a2e614ce8b45cd835b12f91cd8ec8986ecf3c34295
SHA512

02f63860346e9a6bc3c73c72b2665bb8e9892ed194c1a883c275607c815d33ab13b3d69f35fd3fa801aecd4e88ffcd0af1e2467014b8d4d92b753d697f791536
SSDEEP

768:bFPm5zusFUB2preAr+Ofjg0S16avdrQFiLjJvtXR:bFPmpiif/oc+vXR

Score

10^/10

upx

Malware Config

Signatures

Detection of CryptoLocker Variants 2 IoCs

resource	yara_rule
sample	CryptoLocker_rule2
static1/unpack001/out.upx	CryptoLocker_rule2

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
2024-06-04_e476c91398ef97ffc44383ddb2817d34_cryptolocker
unpack001/out.upx

Files

2024-06-04_e476c91398ef97ffc44383ddb2817d34_cryptolocker
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ