2024-01-25_cbce0145a61adee02718f25d24d47040_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-25_cbce0145a61adee02718f25d24d47040_cryptolocker
Size

31KB
MD5

cbce0145a61adee02718f25d24d47040
SHA1

ff519a44d770f6f393f4c188f063944f3ff9eb2b
SHA256

86008f1122db59f4419e80160934e3e3d70b881e66300d3df6bc9f21d0058fda
SHA512

dce8f1eceea13aed1fc876e0f3c88ecd6df55fd1a182781385b13ba12b0224baf03c0b087aa8295794e98f25207f863ac356038288d9869fee60ecb70d7363de
SSDEEP

384:bM7Q0pjC4GybxMv01d3AcASBQMf6i/zzzcYgUPSznUsDY:b/yC4GyNM01GuQMNXw2PSjZY

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-25_cbce0145a61adee02718f25d24d47040_cryptolocker

Files

2024-01-25_cbce0145a61adee02718f25d24d47040_cryptolocker
.exe windows:5 windows x86 arch:x86

ad86a1414a0514f4c041167365378f70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EndPaint
GetMessageA
DrawTextA
ShowWindow
UpdateWindow
DispatchMessageA
BeginPaint
TranslateMessage
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
GetWindowRect
LoadCursorA
PostQuitMessage
SetWindowPos

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
FindFirstFileA
GetCurrentDirectoryA
FindClose
FindNextFileA
DeleteFileA
CloseHandle
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ