2024-09-25_cbfed8c82f9bbbe6cc48a9b620af92b7_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-25_cbfed8c82f9bbbe6cc48a9b620af92b7_cryptolocker
Size

28KB
MD5

cbfed8c82f9bbbe6cc48a9b620af92b7
SHA1

c65c35be0701b51187dea281fdfd8acc64a5348a
SHA256

98b2a507b0d1ab59f1ad22e46654df622b294927cf96c1b59955849c10dbd6cb
SHA512

489fc244c1c5d1e99204b35fa639e5984687720650376c47cf9e7001caca9f727ac36e9fa794cb90a9851a9aedb396d3f5c9cffd2d52ea3d40bb37640b68299b
SSDEEP

384:bFgFQrdSmuQ8WFqxpj5cpyIuYxVe3FSr+OLfjDp+0g/HNblX7QCOBq7:bFgm5zusFUB2preAr+Ofjg0STX73OBq7

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
2024-09-25_cbfed8c82f9bbbe6cc48a9b620af92b7_cryptolocker
unpack001/out.upx

Files

2024-09-25_cbfed8c82f9bbbe6cc48a9b620af92b7_cryptolocker
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ