2024-01-28_892f0a79787a4f12fa8c302cb83a3d17_cryptolocker | Triage

Sharing

General

Target

2024-01-28_892f0a79787a4f12fa8c302cb83a3d17_cryptolocker
Size

30KB
MD5

892f0a79787a4f12fa8c302cb83a3d17
SHA1

16c4e5eff6a5ed1566233bbcacf21113444cced3
SHA256

9634e9cc703da4b084b1cac20aa82a7fdec4ab7257a954bc8c9c41a979915ded
SHA512

ef8135eeb5990221d7ce0d7c524ef110a4e0c1c4ac3d94f23ff8570a4b9de17343b642e1298fc2de1a2156aa4bb85d5d1d9d37fdafae2b030c1c442a134ca5b8
SSDEEP

384:bM7Q0pjC4GybxMv01d3AcASBQMf6i/zzzcYgUPSznPN:b/yC4GyNM01GuQMNXw2PSjPN

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-28_892f0a79787a4f12fa8c302cb83a3d17_cryptolocker

Files

2024-01-28_892f0a79787a4f12fa8c302cb83a3d17_cryptolocker
.exe windows:5 windows x86 arch:x86

ad86a1414a0514f4c041167365378f70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EndPaint
GetMessageA
DrawTextA
ShowWindow
UpdateWindow
DispatchMessageA
BeginPaint
TranslateMessage
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
GetWindowRect
LoadCursorA
PostQuitMessage
SetWindowPos

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
FindFirstFileA
GetCurrentDirectoryA
FindClose
FindNextFileA
DeleteFileA
CloseHandle
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ