2024-09-09_0b3a73b1591a4f329fdc77402c72a016_cryptolocker

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-09_0b3a73b1591a4f329fdc77402c72a016_cryptolocker
Size

63KB
MD5

0b3a73b1591a4f329fdc77402c72a016
SHA1

7f6cdad1e6e6962fead741d5c825a75206bff2b6
SHA256

189b4f7c094edd1005410fd24b41ab0b787b27c073449c523ffc03e0c83cd7fa
SHA512

2e2b63796255fc8673e3c90c3f4b0e90e3e1303e9edf4e318a00303a54d326522065d6d9dc71bb4df0781d51a8a26cd0e803f3a8ed1b7c8be5f1850754b7177c
SSDEEP

768:0Qz7yVEhs9+syJP6ntOOtEvwDpjFSXOQ69zbjlAAX5e9zbT:0j+soPSMOtEvwDpjwizbR9Xwz/

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

2024-09-09_0b3a73b1591a4f329fdc77402c72a016_cryptolocker
.exe windows:5 windows x86 arch:x86

Code Sign

33:00:00:04:39:f6:1f:7a:67:6d:a0:00:af:00:00:00:00:04:39
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:25

Not After

01/09/2022, 18:25

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:33

Not After

01/09/2022, 18:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:56:a6:6d:90:18:2c:19:b8:97:c9:8a:2a:63:08:f8:39:5a:8e:b4:9e:86:a4:69:73:3f:d8:10:d3:4c:a5:91
Signer

Actual PE Digest

7b:56:a6:6d:90:18:2c:19:b8:97:c9:8a:2a:63:08:f8:39:5a:8e:b4:9e:86:a4:69:73:3f:d8:10:d3:4c:a5:91

Digest Algorithm

sha256

PE Digest Matches

false

7b:56:a6:6d:90:18:2c:19:b8:97:c9:8a:2a:63:08:f8:39:5a:8e:b4:9e:86:a4:69:73:3f:d8:10:d3:4c:a5:91
Signer

Actual PE Digest

7b:56:a6:6d:90:18:2c:19:b8:97:c9:8a:2a:63:08:f8:39:5a:8e:b4:9e:86:a4:69:73:3f:d8:10:d3:4c:a5:91

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

33:00:00:04:39:f6:1f:7a:67:6d:a0:00:af:00:00:00:00:04:39Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

7b:56:a6:6d:90:18:2c:19:b8:97:c9:8a:2a:63:08:f8:39:5a:8e:b4:9e:86:a4:69:73:3f:d8:10:d3:4c:a5:91Signer

7b:56:a6:6d:90:18:2c:19:b8:97:c9:8a:2a:63:08:f8:39:5a:8e:b4:9e:86:a4:69:73:3f:d8:10:d3:4c:a5:91Signer

Headers

File Characteristics

Sections

UPX0 Size: 20KB - Virtual size: 32KB

UPX1 Size: 10KB - Virtual size: 12KB

.rsrc Size: 11KB - Virtual size: 12KB

.imports Size: 1024B - Virtual size: 4KB

33:00:00:04:39:f6:1f:7a:67:6d:a0:00:af:00:00:00:00:04:39
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

7b:56:a6:6d:90:18:2c:19:b8:97:c9:8a:2a:63:08:f8:39:5a:8e:b4:9e:86:a4:69:73:3f:d8:10:d3:4c:a5:91
Signer

7b:56:a6:6d:90:18:2c:19:b8:97:c9:8a:2a:63:08:f8:39:5a:8e:b4:9e:86:a4:69:73:3f:d8:10:d3:4c:a5:91
Signer

UPX0
Size: 20KB - Virtual size: 32KB

UPX1
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 11KB - Virtual size: 12KB

.imports
Size: 1024B - Virtual size: 4KB