2024-01-25_f4149d8a9334115a52115261b8c6e532_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-25_f4149d8a9334115a52115261b8c6e532_cryptolocker
Size

38KB
MD5

f4149d8a9334115a52115261b8c6e532
SHA1

fad3454ae4e1cb2d3294a4b5fa086102f83b12f9
SHA256

50d265474ca5f0bc574a095f36f216b4c2982a6979d7d35a3bd3da9260d0e18e
SHA512

6f344d5a05994314ac2d4f6da9fb012ea7d36de9a86cc663f630a687bded39629b90be6eb122212038497eb361630cb717ad938565292a836dd494e5958e66f8
SSDEEP

384:bM7Q0pjC4GybxMv01d3AcASBQMf6i/zzzcYgUPSznHzl6AJvDSuYlWJ:b/yC4GyNM01GuQMNXw2PSjHPbSuYlWJ

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-25_f4149d8a9334115a52115261b8c6e532_cryptolocker

Files

2024-01-25_f4149d8a9334115a52115261b8c6e532_cryptolocker
.exe windows:5 windows x86 arch:x86

ad86a1414a0514f4c041167365378f70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EndPaint
GetMessageA
DrawTextA
ShowWindow
UpdateWindow
DispatchMessageA
BeginPaint
TranslateMessage
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
GetWindowRect
LoadCursorA
PostQuitMessage
SetWindowPos

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
FindFirstFileA
GetCurrentDirectoryA
FindClose
FindNextFileA
DeleteFileA
CloseHandle
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ