2024-10-03_9b4fe4099ff88be24265cf8ea7ad5fec_cryptolocker | Triage

Sharing

General

Target

2024-10-03_9b4fe4099ff88be24265cf8ea7ad5fec_cryptolocker
Size

28KB
MD5

9b4fe4099ff88be24265cf8ea7ad5fec
SHA1

57b9f7f0745e8a36bd299312bff680adc238a313
SHA256

575818faff18d8bde9db1d23a644375b775a34ee2a03484704d23326c95b6e62
SHA512

362308ec95dc37db58a8c41669c0e666b7f1cc14e86c4075c24f7060de1a870d47b324fb2bfd899953dfb7d342aa45ab342729248fe8a3f677098c20a7b39cd3
SSDEEP

384:bFgFQrdSmuQ8WFqxpj5cpyIuYxVe3FSr+OLfjDp+0g/HNblX7QCOBqL:bFgm5zusFUB2preAr+Ofjg0STX73OBqL

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
2024-10-03_9b4fe4099ff88be24265cf8ea7ad5fec_cryptolocker
unpack001/out.upx

Files

2024-10-03_9b4fe4099ff88be24265cf8ea7ad5fec_cryptolocker
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ