2024-01-18_c62dfaf499e868ec9efc96a07ff61b1c_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-18_c62dfaf499e868ec9efc96a07ff61b1c_cryptolocker
Size

37KB
MD5

c62dfaf499e868ec9efc96a07ff61b1c
SHA1

c620e5b060379a2c8b46e79ebcc108695dd51120
SHA256

628c50298bb477ab4c5d178693e8e0c07ce0b2f7e2e55b749868d883f04f63bc
SHA512

79373eb521e6335b9987c1f7d3bf91ced20ecaab492dbbd9cdd27c2271c091d7b5cf0d819bed6a88e00ee95515cf48e11e994a520a01ea8d3585d6a9654a4e67
SSDEEP

384:bM7Q0pjC4GybxMv01d3AcASBQMf6i/zzzcYgUPSznHzl6AJvDSuYlxuz:b/yC4GyNM01GuQMNXw2PSjHPbSuYl6

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-18_c62dfaf499e868ec9efc96a07ff61b1c_cryptolocker

Files

2024-01-18_c62dfaf499e868ec9efc96a07ff61b1c_cryptolocker
.exe windows:5 windows x86 arch:x86

ad86a1414a0514f4c041167365378f70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EndPaint
GetMessageA
DrawTextA
ShowWindow
UpdateWindow
DispatchMessageA
BeginPaint
TranslateMessage
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
GetWindowRect
LoadCursorA
PostQuitMessage
SetWindowPos

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
FindFirstFileA
GetCurrentDirectoryA
FindClose
FindNextFileA
DeleteFileA
CloseHandle
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ