2024-10-06_92de1ba9cf1ceefc72459db27b088e1d_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-06_92de1ba9cf1ceefc72459db27b088e1d_cryptolocker
Size

40KB
MD5

92de1ba9cf1ceefc72459db27b088e1d
SHA1

c7c3081dfd7a52395a14b4355a0e5e76ec1f35c4
SHA256

b6f46bc53f0fba693147c35e75311dcbe6a32707c952e7d547b56e23d91ece90
SHA512

5c7fed7bd29e2bf10daf9ec05b578fedeea6676bdfc602b7480d88a2a673e5ba32dc45f9d58b7be88d19b5a87a56dde8ee3f81450a9ca6f299741b475b03dc89
SSDEEP

768:qTVbxjgQNQXtckstOOtEvwDpjAaD3TUogs/VXpAPWRiX/:qTJu9cvMOtEvwDpjppVXzRM/

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
2024-10-06_92de1ba9cf1ceefc72459db27b088e1d_cryptolocker
unpack001/out.upx

Files

2024-10-06_92de1ba9cf1ceefc72459db27b088e1d_cryptolocker
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ