2024-02-14_e67f2c82fa3c9c9d650c10e7890102c1_cryptolocker | Triage

Sharing

General

Target

2024-02-14_e67f2c82fa3c9c9d650c10e7890102c1_cryptolocker
Size

37KB
MD5

e67f2c82fa3c9c9d650c10e7890102c1
SHA1

cceed76d49a9f575f56a0a11c408a8e7fef24085
SHA256

89f4e6f09f76e3796c497a0e146a69246669592d75e212e0fbb2a79c2851dc92
SHA512

ebba0036be2bcf2bec7cf8267ac0694c2fba1e95029481b94ff18b494512089638fab671fd8b4307ab19261d79544a1e412ff0583b6e67454c0b97a11ee7fb0c
SSDEEP

384:btBYQg/WIEhUCSNyepEjYnDOAlzVol6U/zzo+tkq4XDIwNiJXxXunRClp:btB9g/WItCSsAGjX7e9N0hunRClp

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-14_e67f2c82fa3c9c9d650c10e7890102c1_cryptolocker

Files

2024-02-14_e67f2c82fa3c9c9d650c10e7890102c1_cryptolocker
.exe windows:5 windows x86 arch:x86

a2bfa209044e11b72a41f731968fdff2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

BeginPaint
DispatchMessageA
DrawTextA
EndPaint
TranslateMessage
PostQuitMessage
ShowWindow
UpdateWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
LoadCursorA
SetWindowPos
GetWindowRect
GetMessageA
DialogBoxParamA

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
GetCurrentDirectoryA
CloseHandle
GetCurrentProcessId
GetCurrentProcess
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ