2024-01-29_806b9aa6581751fefb8d6a9537f6bf0c_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-29_806b9aa6581751fefb8d6a9537f6bf0c_cryptolocker
Size

59KB
MD5

806b9aa6581751fefb8d6a9537f6bf0c
SHA1

86b753f0de1a8dbcafaa78c74b00f19e9c4deec5
SHA256

c920b3e396848d2624d4c7b95f0084fab01207f31352841cc551945c1b794ccb
SHA512

27707e4317017f300d177cebc0169c4ba37dd51678e40ac50df8684531e61f8fb0d68aae0ad5871c1fe9ccfc56fc2d37576726c46bbb0cf9f9fa9eba86e3cda1
SSDEEP

1536:btB9g/xtCSKfxLIc//Xr+/AO/kIZ3ft2nVuTKB6nggOlHdUHxI:btng54SMLr+/AO/kIhfoKMHdX

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-29_806b9aa6581751fefb8d6a9537f6bf0c_cryptolocker

Files

2024-01-29_806b9aa6581751fefb8d6a9537f6bf0c_cryptolocker
.exe windows:5 windows x86 arch:x86

a2bfa209044e11b72a41f731968fdff2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

BeginPaint
DispatchMessageA
DrawTextA
EndPaint
TranslateMessage
PostQuitMessage
ShowWindow
UpdateWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
LoadCursorA
SetWindowPos
GetWindowRect
GetMessageA
DialogBoxParamA

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
GetCurrentDirectoryA
CloseHandle
GetCurrentProcessId
GetCurrentProcess
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ