2024-06-06_d87fb3c49450e36e5f1de3bdd8d37265_cryptolocker

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-06_d87fb3c49450e36e5f1de3bdd8d37265_cryptolocker
Size

62KB
MD5

d87fb3c49450e36e5f1de3bdd8d37265
SHA1

7e00b7c38dec40e6d9c0a9d6e45380ebee711325
SHA256

1bd4a75a5173a20874d9b509aafea5ec39a0be09fd405e5f07895954a207e960
SHA512

361f2ac479af0c90430937461f479fa03be2fba585adefe7e3da1e3cb2e00196f039f2a284cf5a871a49bd768dd1fe5e5935ff501280bf65266f7d99a844dab7
SSDEEP

1536:q6QFElP6n+gxmddpMOtEvwDpjpizbR9Xwzz:q6a+rdOOtEvwDpjwPvw3

Score

10^/10

upx

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Detection of Cryptolocker Samples 1 IoCs

resource	yara_rule
sample	CryptoLocker_set1

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

2024-06-06_d87fb3c49450e36e5f1de3bdd8d37265_cryptolocker
.exe windows:5 windows x86 arch:x86

Code Sign

33:00:00:04:39:f6:1f:7a:67:6d:a0:00:af:00:00:00:00:04:39
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:25

Not After

01-09-2022 18:25

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:33

Not After

01-09-2022 18:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:d8:fd:45:81:e4:ea:61:46:39:a0:0d:ea:67:a1:35:95:c0:e0:89:2f:d8:4a:be:96:a2:ce:09:a4:57:80:8a
Signer

Actual PE Digest

70:d8:fd:45:81:e4:ea:61:46:39:a0:0d:ea:67:a1:35:95:c0:e0:89:2f:d8:4a:be:96:a2:ce:09:a4:57:80:8a

Digest Algorithm

sha256

PE Digest Matches

false

70:d8:fd:45:81:e4:ea:61:46:39:a0:0d:ea:67:a1:35:95:c0:e0:89:2f:d8:4a:be:96:a2:ce:09:a4:57:80:8a
Signer

Actual PE Digest

70:d8:fd:45:81:e4:ea:61:46:39:a0:0d:ea:67:a1:35:95:c0:e0:89:2f:d8:4a:be:96:a2:ce:09:a4:57:80:8a

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

33:00:00:04:39:f6:1f:7a:67:6d:a0:00:af:00:00:00:00:04:39Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

70:d8:fd:45:81:e4:ea:61:46:39:a0:0d:ea:67:a1:35:95:c0:e0:89:2f:d8:4a:be:96:a2:ce:09:a4:57:80:8aSigner

70:d8:fd:45:81:e4:ea:61:46:39:a0:0d:ea:67:a1:35:95:c0:e0:89:2f:d8:4a:be:96:a2:ce:09:a4:57:80:8aSigner

Headers

File Characteristics

Sections

UPX0 Size: 20KB - Virtual size: 32KB

UPX1 Size: 10KB - Virtual size: 12KB

.rsrc Size: 11KB - Virtual size: 12KB

.imports Size: 1024B - Virtual size: 4KB

33:00:00:04:39:f6:1f:7a:67:6d:a0:00:af:00:00:00:00:04:39
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

70:d8:fd:45:81:e4:ea:61:46:39:a0:0d:ea:67:a1:35:95:c0:e0:89:2f:d8:4a:be:96:a2:ce:09:a4:57:80:8a
Signer

70:d8:fd:45:81:e4:ea:61:46:39:a0:0d:ea:67:a1:35:95:c0:e0:89:2f:d8:4a:be:96:a2:ce:09:a4:57:80:8a
Signer

UPX0
Size: 20KB - Virtual size: 32KB

UPX1
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 11KB - Virtual size: 12KB

.imports
Size: 1024B - Virtual size: 4KB