2024-01-28_fd6a6bd108b0c79a3191b0755416e859_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-28_fd6a6bd108b0c79a3191b0755416e859_cryptolocker
Size

60KB
MD5

fd6a6bd108b0c79a3191b0755416e859
SHA1

e1d3d570d056c6a1258431788ac138611ae2974f
SHA256

d4fd7662362cf29516b87da7204c62b8c00c43e9f4c5d9db6d348d8e6c0a3099
SHA512

ccf3d8d0232a43f0663ea9afcce9ac23d5d19f64355b6025ce853b515277788bd63f1ef81ac037a473e3f55665ff32d0bfbc36017bb1f8d0ccf0c69f50a9a928
SSDEEP

768:F6LsoEEeegiZPvEhHSG+g2QTQtOOtEvwDpjB:F6QFElP6n+g3TQMOtEvwDpjB

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Detection of Cryptolocker Samples 1 IoCs

resource	yara_rule
sample	CryptoLocker_set1

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-28_fd6a6bd108b0c79a3191b0755416e859_cryptolocker

Files

2024-01-28_fd6a6bd108b0c79a3191b0755416e859_cryptolocker
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rlwEs
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ

.wdbm
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.epwjdwx
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.RisVgtS
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_MEM_READ

.zKnY
Size: 1024B - Virtual size: 753B

IMAGE_SCN_MEM_READ