2024-02-14_dd1373d512af977e0cf9547b3f29cecd_cryptolocker | Triage

Sharing

General

Target

2024-02-14_dd1373d512af977e0cf9547b3f29cecd_cryptolocker
Size

40KB
MD5

dd1373d512af977e0cf9547b3f29cecd
SHA1

6a424f57982dad36b7f931b87a5d8e2b8dd0835d
SHA256

d6bf637d1c5a3b535f9e2e086b507e13b1fdbd8444e50198662a3b5f4c3fd18d
SHA512

10a33d95216b07cda527f7e047142eca361792aa9bc63c3efc2c6c201df00acc77a62e0c2e041d1f1491af624d5c15395b46be87a5646f8d7b46db74e0fb5db3
SSDEEP

768:bxNQIE0eBhkL2Fo1CCwgfjOg1tsJ6zeen754XcwxbFqJzJ:bxNrC7kYo1Fxf3s05rwxbFSt

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-14_dd1373d512af977e0cf9547b3f29cecd_cryptolocker

Files

2024-02-14_dd1373d512af977e0cf9547b3f29cecd_cryptolocker
.exe windows:5 windows x86 arch:x86

3c4da9ed0ba02990af7795e358bfd650

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

PostQuitMessage
GetMessageA
UpdateWindow
EndPaint
DispatchMessageA
BeginPaint
TranslateMessage
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
GetWindowRect
LoadCursorA
ShowWindow
SetWindowPos

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
FindFirstFileA
GetCurrentDirectoryA
FindClose
FindNextFileA
DeleteFileA
CloseHandle
GetCurrentProcess
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 518B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ