2024-01-27_af74ef2bc3568ac1e7ce0bbf7f699111_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-27_af74ef2bc3568ac1e7ce0bbf7f699111_cryptolocker
Size

32KB
MD5

af74ef2bc3568ac1e7ce0bbf7f699111
SHA1

66324536154cd2ecb7e2faf142ff887368c46cd0
SHA256

69a6ea83d3189f25cbeaad2c97d9e2a55baf9bbcbc6f33706557efe8670d8b6e
SHA512

f04dd2ca08b86f390f40384536f8380c2cc66c3721184901f9487e9b0ed91d223684768c770c80c4dc62aae860f019cdc0d1278538230f3d21a6545bbd7da20c
SSDEEP

384:bM7Q0pjC4GybxMv01d3AcASBQMf6i/zzzcYgUPSznHzl6AJvN9c:b/yC4GyNM01GuQMNXw2PSjHP1K

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-27_af74ef2bc3568ac1e7ce0bbf7f699111_cryptolocker

Files

2024-01-27_af74ef2bc3568ac1e7ce0bbf7f699111_cryptolocker
.exe windows:5 windows x86 arch:x86

ad86a1414a0514f4c041167365378f70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EndPaint
GetMessageA
DrawTextA
ShowWindow
UpdateWindow
DispatchMessageA
BeginPaint
TranslateMessage
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
GetWindowRect
LoadCursorA
PostQuitMessage
SetWindowPos

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
FindFirstFileA
GetCurrentDirectoryA
FindClose
FindNextFileA
DeleteFileA
CloseHandle
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ