2024-01-27_caa5950fe77b2cbd3bee48c094072101_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-27_caa5950fe77b2cbd3bee48c094072101_cryptolocker
Size

35KB
MD5

caa5950fe77b2cbd3bee48c094072101
SHA1

d0129db8bfd66c7e3c64edd275d3b21babc04edb
SHA256

093e2ccec94f3cd8f9a00f4baf1d2378d526dc7ca62461c9d462f06af0326a52
SHA512

892177e091e4577e7931b6ad968a3a990f9c41d8f573cfe36198b2ddeb8b9f3c866ba8945298d89278f1ab0cdc50c449a045e9692c2072d3aaa06d50f4df17d0
SSDEEP

384:btBYQg/WIEhUCSNyepEjYnDOAlzVol6U/zzo+tkq4XDIwNiJXxXunKUn:btB9g/WItCSsAGjX7e9N0hunKUn

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-27_caa5950fe77b2cbd3bee48c094072101_cryptolocker

Files

2024-01-27_caa5950fe77b2cbd3bee48c094072101_cryptolocker
.exe windows:5 windows x86 arch:x86

a2bfa209044e11b72a41f731968fdff2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

BeginPaint
DispatchMessageA
DrawTextA
EndPaint
TranslateMessage
PostQuitMessage
ShowWindow
UpdateWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
LoadCursorA
SetWindowPos
GetWindowRect
GetMessageA
DialogBoxParamA

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
GetCurrentDirectoryA
CloseHandle
GetCurrentProcessId
GetCurrentProcess
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ