2024-02-01_c8f1d2b1c821d397efd40d14426b3f06_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-01_c8f1d2b1c821d397efd40d14426b3f06_cryptolocker
Size

40KB
MD5

c8f1d2b1c821d397efd40d14426b3f06
SHA1

4af8b14b4196a79a86b26405de155a3ec9d6c4df
SHA256

feb39793ce5051661989ec0917c63ba0a7178819464f3411d008420ce99b75ca
SHA512

e2a459f6d93eebe793d4b5d6be8e8cf30f209e76883724281d82ae1d1b1066112184e9e43e39c9b9c12d38d399b3bf25c461e708212ab00cfeb3e45cb424ba9f
SSDEEP

384:btBYQg/WIEhUCSNyepEjYnDOAlzVol6U/zzo+tkq4XDIwNiJXxXunrkwIxZdG:btB9g/WItCSsAGjX7e9N0hunrknA

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-01_c8f1d2b1c821d397efd40d14426b3f06_cryptolocker

Files

2024-02-01_c8f1d2b1c821d397efd40d14426b3f06_cryptolocker
.exe windows:5 windows x86 arch:x86

a2bfa209044e11b72a41f731968fdff2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

BeginPaint
DispatchMessageA
DrawTextA
EndPaint
TranslateMessage
PostQuitMessage
ShowWindow
UpdateWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
LoadCursorA
SetWindowPos
GetWindowRect
GetMessageA
DialogBoxParamA

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
GetCurrentDirectoryA
CloseHandle
GetCurrentProcessId
GetCurrentProcess
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ