2024-01-27_3e328f0c03346235cf36d4ffd7c5c9cc_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-27_3e328f0c03346235cf36d4ffd7c5c9cc_cryptolocker
Size

59KB
MD5

3e328f0c03346235cf36d4ffd7c5c9cc
SHA1

053ce34a01027e1d19ee51143a584c7984377194
SHA256

b72228cf92a9d6942120eb65b157d53dbfa9ea617d2a91c21f111613541dae96
SHA512

4ffabc7b0b1b4a5e748dc4b3c19ba49692cca4fafa73a2a43742c742d9c35daf07d1e24f28a73623d0926ba6f6566c573a8273337bc9edf11dade437ae93c0b4
SSDEEP

1536:btB9g/xtCSKfxLIc//Xr+/AO/kIZ3ft2nVuTKB6nggOlHdUH6L:btng54SMLr+/AO/kIhfoKMHdL

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-27_3e328f0c03346235cf36d4ffd7c5c9cc_cryptolocker

Files

2024-01-27_3e328f0c03346235cf36d4ffd7c5c9cc_cryptolocker
.exe windows:5 windows x86 arch:x86

a2bfa209044e11b72a41f731968fdff2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

BeginPaint
DispatchMessageA
DrawTextA
EndPaint
TranslateMessage
PostQuitMessage
ShowWindow
UpdateWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
LoadCursorA
SetWindowPos
GetWindowRect
GetMessageA
DialogBoxParamA

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
GetCurrentDirectoryA
CloseHandle
GetCurrentProcessId
GetCurrentProcess
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ