2024-08-26_c60ac2d3727f5ad19c1d3203c7bd4007_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-26_c60ac2d3727f5ad19c1d3203c7bd4007_cryptolocker
Size

25KB
MD5

c60ac2d3727f5ad19c1d3203c7bd4007
SHA1

e000f8e78e7f526e0375478832b77121c4d318bd
SHA256

6bec9a777b702c754106cd798217e37979ebd084d77bdde82daf163a0165552a
SHA512

6acf7d2df884f26170123e33f75437a4e0e20ee02fff25470ff7804b568d2cd9ad3975da054bd20a2170e0f8f96f9ed16c1d34100df88d265233ecc2ccf31573
SSDEEP

384:bVCPwFRuFn65arz1ZhdaXFXSCVQTLfjDp6HMmHBdaKG:bVCPwFRo6CpwXFXSqQXfjAsmHBdZG

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
2024-08-26_c60ac2d3727f5ad19c1d3203c7bd4007_cryptolocker
unpack001/out.upx

Files

2024-08-26_c60ac2d3727f5ad19c1d3203c7bd4007_cryptolocker
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ