General

Malware Config

Signatures

Files

• cryptolocker-ransomware-4-16-5-es-en-br-fr-de-it-ru-cz-dk-fi-no-win.com

  .exe windows x86

  e356bc25663cfc76cea74c4a163d046d

  
  

  Code Sign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  26:da:af:2d:65:3a:cc:1a:f0:e8:7c:4a:55:6c:ab:fe

  Certificate

  Issuer

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Not Before

  02-03-2011 00:00

  Not After

  24-04-2014 23:59

  Subject

  CN=Enigma Software Group USA\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Enigma Software Group USA\, LLC,L=Clearwater,ST=Florida,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  08-02-2010 00:00

  Not After

  07-02-2020 23:59

  Subject

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  f4:37:50:40:24:c3:91:55:84:4c:54:29:1f:83:47:84:2d:d7:c2:a4

  Signer

  Actual PE Digest

  f4:37:50:40:24:c3:91:55:84:4c:54:29:1f:83:47:84:2d:d7:c2:a4

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Enigma Software Group USA\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Enigma Software Group USA\, LLC,L=Clearwater,ST=Florida,C=US

  15-08-2013 22:35

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  wininet

  InternetCloseHandle

  InternetSetOptionW

  InternetOpenUrlW

  InternetOpenW

  InternetCheckConnectionW

  kernel32

  SizeofResource

  GlobalUnlock

  FlushInstructionCache

  SetLastError

  GlobalFree

  LockResource

  CreateMutexW

  LoadLibraryExW

  GetModuleHandleW

  InitializeCriticalSection

  GetModuleFileNameW

  MultiByteToWideChar

  lstrcmpiW

  DeleteCriticalSection

  GetVolumeInformationW

  FileTimeToSystemTime

  FileTimeToLocalFileTime

  WriteConsoleW

  GetConsoleOutputCP

  WriteConsoleA

  SetStdHandle

  GetStringTypeW

  GetStringTypeA

  GetLocaleInfoA

  InitializeCriticalSectionAndSpinCount

  GetCurrentDirectoryA

  CreateFileA

  PeekNamedPipe

  GetFileInformationByHandle

  GetFullPathNameA

  FlushFileBuffers

  SetFilePointer

  LCMapStringW

  LCMapStringA

  ReadFile

  QueryPerformanceCounter

  GetStartupInfoA

  GetFileType

  SetHandleCount

  GetCommandLineW

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  FindNextFileW

  GetConsoleCP

  GlobalAlloc

  IsValidCodePage

  GetOEMCP

  GetACP

  GetCPInfo

  GetModuleFileNameA

  GetStdHandle

  ExitProcess

  HeapSize

  TlsFree

  TlsSetValue

  TlsAlloc

  TlsGetValue

  RtlUnwind

  ExitThread

  FindFirstFileA

  GetDriveTypeA

  GetSystemTimeAsFileTime

  HeapReAlloc

  GetStartupInfoW

  IsDebuggerPresent

  SetUnhandledExceptionFilter

  GlobalLock

  GetCurrentProcess

  LoadResource

  FindResourceW

  ExpandEnvironmentStringsW

  CreateThread

  SetFileAttributesW

  lstrcpyW

  LocalFree

  DeleteFileW

  CloseHandle

  GetExitCodeThread

  LocalAlloc

  FindClose

  EnterCriticalSection

  GetProcAddress

  GetLastError

  RaiseException

  lstrlenW

  CreateFileW

  GetFileAttributesW

  lstrcpynW

  LeaveCriticalSection

  GetVersionExW

  Sleep

  LoadLibraryW

  WaitForSingleObject

  CreateProcessW

  FreeLibrary

  lstrcpynA

  lstrlenA

  UnhandledExceptionFilter

  VirtualAlloc

  VirtualFree

  IsProcessorFeaturePresent

  LoadLibraryA

  HeapAlloc

  GetProcessHeap

  HeapFree

  InterlockedCompareExchange

  FindFirstFileW

  GetTickCount

  InterlockedDecrement

  InterlockedIncrement

  CompareStringA

  FormatMessageA

  ExpandEnvironmentStringsA

  HeapCreate

  GetCurrentThreadId

  SleepEx

  GetCurrentProcessId

  FindFirstVolumeW

  CreateToolhelp32Snapshot

  Process32NextW

  QueryDosDeviceW

  Process32FirstW

  TerminateProcess

  GetVolumePathNamesForVolumeNameW

  FindNextVolumeW

  OpenProcess

  FindVolumeClose

  IsWow64Process

  GetLongPathNameW

  WideCharToMultiByte

  WriteFile

  CompareStringW

  SetEnvironmentVariableA

  SetEndOfFile

  GetTimeZoneInformation

  GetConsoleMode

  GetModuleHandleA

  user32

  MoveWindow

  GetWindow

  DefWindowProcW

  CallWindowProcW

  GetMonitorInfoW

  SetWindowTextW

  DestroyMenu

  AdjustWindowRect

  MapWindowPoints

  SendMessageW

  GetSystemMetrics

  MessageBoxW

  RemoveMenu

  IsWindow

  GetMenuItemCount

  LoadBitmapW

  CreatePopupMenu

  LoadStringW

  SetWindowPos

  BroadcastSystemMessageW

  SetWindowLongW

  MonitorFromWindow

  PeekMessageW

  AppendMenuW

  LoadAcceleratorsW

  LoadMenuW

  ShowWindow

  DispatchMessageW

  LoadCursorW

  InvalidateRect

  TrackPopupMenuEx

  OffsetRect

  LoadIconW

  IsDialogMessageW

  PtInRect

  BeginPaint

  GetMenuItemInfoW

  SetFocus

  GetClientRect

  MessageBeep

  GetParent

  LoadStringA

  KillTimer

  DrawTextW

  PostQuitMessage

  MonitorFromPoint

  GetWindowRect

  SetTimer

  TranslateAcceleratorW

  DestroyWindow

  EndPaint

  CreateWindowExW

  RegisterClassExW

  UnregisterClassA

  GetWindowLongW

  CharNextW

  GetMessageW

  TranslateMessage

  wvsprintfW

  LoadImageW

  GetClassInfoExW

  gdi32

  DeleteObject

  BitBlt

  SetTextColor

  DeleteDC

  SetBkMode

  GetObjectW

  SelectObject

  CreateCompatibleDC

  CreateCompatibleBitmap

  CreateFontW

  advapi32

  RegQueryInfoKeyW

  OpenSCManagerW

  OpenServiceW

  RegCreateKeyExW

  RegQueryValueExW

  StartServiceW

  RegDeleteValueW

  ChangeServiceConfigW

  QueryServiceStatusEx

  RegOpenKeyExW

  AdjustTokenPrivileges

  RegEnumKeyExW

  LookupPrivilegeValueW

  RegDeleteKeyW

  CloseServiceHandle

  OpenProcessToken

  RegSetValueExW

  RegCloseKey

  QueryServiceConfigW

  shell32

  ShellExecuteExW

  ShellExecuteW

  ole32

  CoCreateInstance

  CreateStreamOnHGlobal

  CoTaskMemAlloc

  CoTaskMemFree

  CoTaskMemRealloc

  oleaut32

  VarUI4FromStr

  comctl32

  InitCommonControlsEx

  urlmon

  URLDownloadToFileW

  iphlpapi

  GetAdaptersInfo

  gdiplus

  GdipDrawImageRect

  GdipCreateFromHDC

  GdipDisposeImage

  GdipAlloc

  GdipSetSmoothingMode

  GdipSetStringFormatAlign

  GdipGetImageGraphicsContext

  GdipDeleteGraphics

  GdipCreateBitmapFromScan0

  GdipSetTextRenderingHint

  GdipCreateBitmapFromStream

  GdipSetStringFormatLineAlign

  GdipGetImageHeight

  GdipFree

  GdipDrawImageRectRect

  GdiplusStartup

  GdiplusShutdown

  GdipDeleteStringFormat

  GdipGetImageWidth

  GdipCreateStringFormat

  GdipSetInterpolationMode

  GdipCloneImage

  wintrust

  CryptCATAdminEnumCatalogFromHash

  WinVerifyTrustEx

  ws2_32

  WSACleanup

  WSAStartup

  closesocket

  getsockopt

  socket

  bind

  recv

  setsockopt

  getsockname

  ntohs

  htons

  WSAGetLastError

  connect

  send

  WSASetLastError

  __WSAFDIsSet

  select

  ioctlsocket

  freeaddrinfo

  getaddrinfo

  psapi

  GetProcessImageFileNameW

  GetModuleFileNameExW

  EnumProcessModules

  Sections

  .text

  Size: 288KB - Virtual size: 287KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 58KB - Virtual size: 57KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 7KB - Virtual size: 15KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 328KB - Virtual size: 327KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 17KB - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ