clop | 2024-09-09_e56c567b260434bc40dc30f0e313740b_clop

Sharing

Copy URL

Twitter E-mail

General

Target

2024-09-09_e56c567b260434bc40dc30f0e313740b_clop
Size

303KB
MD5

e56c567b260434bc40dc30f0e313740b
SHA1

2f951b6687286f3abaecc259eca0423c90e0646e
SHA256

0bd7f2753fed42d6cfa24b422495d583078929d32cf5bf2b676c8e7e99470ea2
SHA512

ed12034fe50d0a89c7edf0c62232f1a515d791cb239085e7458d494a3a2187edd6975904e3d7765afe150851caed16a3f51e5832183b25d915a27a8421bf87dc
SSDEEP

6144:QPcEADOWymwi0uyuHga0j2AUyysC2N3NM/X:7EA8YSUgauxUyyJi3

Score

10^/10

clop

Malware Config

Signatures

Clop family
clop

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-09-09_e56c567b260434bc40dc30f0e313740b_clop

Files

2024-09-09_e56c567b260434bc40dc30f0e313740b_clop
.exe windows:6 windows x86 arch:x86

5d864b8b615b63f215b51bfc1775e9e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryW
NeedCurrentDirectoryForExePathA
GetDriveTypeW
GetFileSizeEx
GetTempFileNameW
ReadFileEx
FindFirstStreamW
OutputDebugStringW
DecodeSystemPointer
RemoveVectoredContinueHandler
FatalAppExitA
IsThreadAFiber
CreateNamedPipeW
WaitNamedPipeW
QueryPerformanceCounter
HeapDestroy
HeapAlloc
HeapFree
GetProcessHeap
HeapCompact
InitOnceBeginInitialize
SetEvent
ReleaseSemaphore
ReleaseMutex
CreateMutexA
OpenMutexW
CreateEventW
OpenWaitableTimerW
Sleep
GetProcessTimes
GetCurrentProcess
GetCurrentProcessId
ExitProcess
TerminateProcess
TerminateThread
SetPriorityClass
GetProcessId
OpenProcess
GetThreadIOPendingFlag
GetSystemTimes
GetSystemInfo
GetVersionExA
VirtualFreeEx
CreateFileMappingNumaW
DeleteTimerQueueTimer
CreateThreadpoolWork
GetSystemWow64DirectoryW
DisableThreadLibraryCalls
FreeLibraryAndExitThread
GetModuleFileNameW
GetProcAddress
LockResource
LoadLibraryW
QueryThreadCycleTime
GlobalHandle
GlobalCompact
GlobalUnfix
LocalHandle
LocalCompact
GetProcessAffinityMask
FatalExit
DeleteFiber
ConvertFiberToThread
RequestWakeupLatency
GlobalDeleteAtom
DeleteAtom
EscapeCommFunction
GetCommMask
GetCommTimeouts
TransmitCommChar
CreateMailslotA
lstrcmpiW
lstrlenA
OpenFile
GetEnvironmentVariableW
CreateWaitableTimerA
GlobalAddAtomW
CreateFileMappingW
FindAtomA
GetPrivateProfileIntA
WritePrivateProfileStringW
RemoveDirectoryTransactedW
GetCompressedFileSizeTransactedA
DeleteFileTransactedA
IsBadReadPtr
IsBadStringPtrA
BuildCommDCBAndTimeoutsA
GetComputerNameA
FileTimeToSystemTime
GetVolumeNameForVolumeMountPointA
AddRefActCtx
ApplicationRecoveryInProgress
CompareStringW
GetACP
GetCPInfo
CompareStringA
LCMapStringW
GetLocaleInfoW
IsDBCSLeadByte
LCIDToLocaleName
EnumCalendarInfoA
EnumCalendarInfoExA
GetGeoInfoW
GetThreadLocale
GetThreadUILanguage
GetUserPreferredUILanguages
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
GetConsoleFontSize
ScrollConsoleScreenBufferW
FreeConsole
GetConsoleOriginalTitleW
GetConsoleAliasesW
GetConsoleAliasExesW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleHandleW
LoadResource
SizeofResource
FindResourceW
WriteConsoleW
SetFilePointerEx
SetEndOfFile
GetConsoleCP
FlushFileBuffers
ReadConsoleW
GetConsoleMode
HeapReAlloc
HeapSize
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
lstrlenW
lstrcatW
lstrcpyW
lstrcpyA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
UnmapViewOfFile
_lwrite
MapViewOfFile
VirtualFree
VirtualAlloc
GetTickCount
ExitThread
CreateThread
WaitForSingleObject
SetErrorMode
GetLastError
CloseHandle
WriteFile
SetFilePointer
SetFileAttributesW
ReadFile
FindNextFileW
FindFirstFileExW
GetFileType
GetModuleHandleExW
WideCharToMultiByte
FindFirstFileW
FindClose
GlobalGetAtomNameW
CreateFileW
MultiByteToWideChar
GetStdHandle
RaiseException
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
DecodePointer

user32

CharUpperW
wsprintfW
GetMenuItemCount
RegisterWindowMessageW
IsWindow
GetDlgItemInt
IsDlgButtonChecked
DefFrameProcW
GetLastActivePopup
CallMsgFilterW
EnumChildWindows
PtInRect
ShowCursor
GetWindowTextLengthW
AppendMenuW
FindWindowW
HiliteMenuItem
VkKeyScanW
ToAscii
GetKeyboardType
GetKeyNameTextW
CharUpperBuffW
CharUpperA
IsClipboardFormatAvailable
EnumClipboardFormats
OpenClipboard

gdi32

RectVisible
GetTextCharacterExtra
GetSystemPaletteUse
GetBkMode
FloodFill
CreateEllipticRgn
CreateBitmap
CombineRgn
AddFontResourceW
Polygon

advapi32

RegUnLoadKeyW
CreateProcessAsUserW
OpenProcessToken
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
CryptAcquireContextW
CryptEncrypt
RegDeleteValueW
LookupAccountSidW
RevertToSelf
GetTokenInformation
DuplicateTokenEx

mpr

WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW

shlwapi

StrStrW
PathFindFileNameW

crypt32

CryptImportPublicKeyInfo
CryptDecodeObjectEx
CryptStringToBinaryA

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSFreeMemory
WTSQueryUserToken

rstrtmgr

RmRegisterResources
RmGetList
RmShutdown
RmRestart
RmStartSession
RmEndSession

Sections

.text
Size: 243KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d864b8b615b63f215b51bfc1775e9e4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

mpr

shlwapi

crypt32

userenv

wtsapi32

rstrtmgr

Sections

.text Size: 243KB - Virtual size: 243KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 3KB - Virtual size: 13KB

.gfids Size: 512B - Virtual size: 172B

.rsrc Size: 25KB - Virtual size: 25KB

.text
Size: 243KB - Virtual size: 243KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 3KB - Virtual size: 13KB

.gfids
Size: 512B - Virtual size: 172B

.rsrc
Size: 25KB - Virtual size: 25KB