Behavioral task
behavioral1
Sample
2024-10-14_f597da85648ed7fbd089fc80410979d1_cryptolocker.exe
Resource
win7-20240903-en
General
-
Target
2024-10-14_f597da85648ed7fbd089fc80410979d1_cryptolocker
-
Size
28KB
-
MD5
f597da85648ed7fbd089fc80410979d1
-
SHA1
42f0b591810c17660a05105f0fa42cdb050c9906
-
SHA256
f0ee34cee687c59cf36cd37bf57fc8b56f924992070144b1d83a1d7ad00e7ae5
-
SHA512
896002ac98d8dead1e71d8848ce52615d889e4eed4617044a316f6eaf93407c96bd120f82b1ddb5e76b13d7af18cd1e4ce03362eed5f70be6c6f3117e4dc2fa1
-
SSDEEP
384:bFgFQrdSmuQ8WFqxpj5cpyIuYxVe3FSr+OLfjDp+0g/HNblX7QCOBq9:bFgm5zusFUB2preAr+Ofjg0STX73OBq9
Malware Config
Signatures
-
resource yara_rule sample upx -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource 2024-10-14_f597da85648ed7fbd089fc80410979d1_cryptolocker unpack001/out.upx
Files
-
2024-10-14_f597da85648ed7fbd089fc80410979d1_cryptolocker.exe windows:5 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 28KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 11KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:5 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ