2024-01-08_636e797a62a95339000efcd681fbd1e4_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-08_636e797a62a95339000efcd681fbd1e4_cryptolocker
Size

84KB
MD5

636e797a62a95339000efcd681fbd1e4
SHA1

3fb4fd200397cc253a46847388d0f1e63244db28
SHA256

25b902e483e2b2f9077f08d30a7a5fb836a61647d2e644378780de75cb746a64
SHA512

5435f30e59b67297ad143f3f0ec5e52c800eac24313d5a0ac99f43d8ce934d3d0610dcff675df5b0bdb9c471e9dee5dce1c0b2cd92e251a4fe35fc161526cba5
SSDEEP

768:XS5nQJ24LR1bytOOtEvwDpjNbZ7uyA36S7MpxRXrZSUfFKazNclMjNUvDN:i5nkFGMOtEvwDpjNbwQEI8UtzNcO8Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-08_636e797a62a95339000efcd681fbd1e4_cryptolocker

Files

2024-01-08_636e797a62a95339000efcd681fbd1e4_cryptolocker
.exe windows:5 windows x86 arch:x86

e021c9fc2c12265365fad587d43783fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

EndPaint

gdi32

CreateFontIndirectA

Sections

.MPRESS1
Size: 10KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1024B - Virtual size: 910B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE