2024-08-29_03973598b00bca8d3c6dde872f917b6c_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-29_03973598b00bca8d3c6dde872f917b6c_cryptolocker
Size

124KB
MD5

03973598b00bca8d3c6dde872f917b6c
SHA1

a2d631c1441581b93d06f009912535ed7ef09d57
SHA256

a3da20407c93e2cd0556c1b7a2d2ab94d72386b7bd15176f0b7002670586080c
SHA512

02e5478c94491ba3fc0f2f4bb2c85519cd33aeec957bc57cc10eb82b8273c08cad73d0977c8d4f0d4c0d193dba18c260928bf60cb4158c706213ed8a64da45f5
SSDEEP

384:bF5FQrdSmuQ7Dl1ovmXAw9PMDREhi9OUSPlRxMc/cipv7Yfqxpj5cpyIuYxVe3FV:bF5m5zuuDOw9UiaiWUB2preAr+OfjmZ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-29_03973598b00bca8d3c6dde872f917b6c_cryptolocker

Files

2024-08-29_03973598b00bca8d3c6dde872f917b6c_cryptolocker
.exe windows:5 windows x86 arch:x86

538a1c1a7578ec515117a8a6d17e3262

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
FindFirstFileA
FindClose
FindNextFileA
DeleteFileA
CloseHandle
CreateFileA

gdi32

CreateFontIndirectA

user32

EndPaint
GetMessageA
DispatchMessageA
ShowWindow
UpdateWindow
BeginPaint
TranslateMessage
MoveWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadCursorA
LoadIconA
PostQuitMessage
GetWindowRect

Sections

UPX0
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE