2024-01-23_700c62b43887581b2a3faefbc76d040c_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-23_700c62b43887581b2a3faefbc76d040c_cryptolocker
Size

48KB
MD5

700c62b43887581b2a3faefbc76d040c
SHA1

a3977c4856ffa56280e232365c7771952764f06c
SHA256

7ecb8a58abada43109ae439ff4e9ba34593c260ac74ff159112fdb07f67caa49
SHA512

e548e5442c997d53ce305bca0fc9c519da389993347690fd75bd4131a2449664b2d9247a7e8c9ca342309c8a18b402f2558f0aab3ec8508e20040c8d6cfe08b0
SSDEEP

1536:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZszsbKY1xzpAIKL:aq7tdgI2MyzNORQtOflIwoHNV2XBFV7Z

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Detection of Cryptolocker Samples 1 IoCs

resource	yara_rule
sample	CryptoLocker_set1

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-23_700c62b43887581b2a3faefbc76d040c_cryptolocker

Files

2024-01-23_700c62b43887581b2a3faefbc76d040c_cryptolocker
.exe windows:5 windows x86 arch:x86

db206e36db5c9492ce02c61a679129e2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

BeginPaint
DispatchMessageA
DrawTextA
EndPaint
TranslateMessage
GetMessageA
PostQuitMessage
ShowWindow
UpdateWindow
MoveWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
LoadIconA
DestroyWindow
LoadCursorA
GetClientRect
GetWindowRect

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
DeleteFileA
CloseHandle
CreateFileA

gdi32

DeleteObject
CreateFontIndirectA

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ