Static task
static1
Behavioral task
behavioral1
Sample
2024-01-18_f5be883d39edddd633a6f0cb265a7ffe_cryptolocker.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
2024-01-18_f5be883d39edddd633a6f0cb265a7ffe_cryptolocker.exe
Resource
win10v2004-20231222-en
General
-
Target
2024-01-18_f5be883d39edddd633a6f0cb265a7ffe_cryptolocker
-
Size
40KB
-
MD5
f5be883d39edddd633a6f0cb265a7ffe
-
SHA1
cf78ea14f263673ab9d18244512155bd34b90060
-
SHA256
c8b81d05597518e9e86faece090c682159860027899b12d2370d5b85df2f2969
-
SHA512
80f392819329f5b4126db20d9c239efc80e516bc48736c92632169643fc3d73f636c9d744d1e407243d8300fa28d3ff6dbbd423ed01f6bb75e13be125c7b992e
-
SSDEEP
768:bxNQIE0eBhkL2Fo1CCwgfjOg1tsJ6zeen754XcwxbFqr:bxNrC7kYo1Fxf3s05rwxbFO
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
resource yara_rule sample CryptoLocker_rule2 -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-01-18_f5be883d39edddd633a6f0cb265a7ffe_cryptolocker
Files
-
2024-01-18_f5be883d39edddd633a6f0cb265a7ffe_cryptolocker.exe windows:5 windows x86 arch:x86
3c4da9ed0ba02990af7795e358bfd650
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
PostQuitMessage
GetMessageA
UpdateWindow
EndPaint
DispatchMessageA
BeginPaint
TranslateMessage
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
GetWindowRect
LoadCursorA
ShowWindow
SetWindowPos
kernel32
GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
FindFirstFileA
GetCurrentDirectoryA
FindClose
FindNextFileA
DeleteFileA
CloseHandle
GetCurrentProcess
CreateFileA
gdi32
CreateFontIndirectA
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 518B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ