2024-02-19_6f369560b46add5ced879db6756603bb_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-19_6f369560b46add5ced879db6756603bb_cryptolocker
Size

385KB
MD5

6f369560b46add5ced879db6756603bb
SHA1

601b4ba43705af33a48b89e0924c363f5d5b0347
SHA256

bcb9c39d32e968901d6e157b80729634f7f5c37c5d81faf9ed6efdf8cbac3b6a
SHA512

7eefe554abce91f7b8afa3d39ca4557f2cc0d7c1d4b8dda627ef4d745e7ea7070f5483ebffa5714708ad9b1939984bca6cfbf7a55af7fc4c3d4a47cb39a94a34
SSDEEP

6144:nnOsaQgAOjvrZFODJjBz3j1jTqQy6v2GGnugOtihzXP:nnOflT/ZFIjBz3xjTxynGUOUhXP

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-19_6f369560b46add5ced879db6756603bb_cryptolocker

Files

2024-02-19_6f369560b46add5ced879db6756603bb_cryptolocker
.exe windows:5 windows x86 arch:x86

021d5e7849e90fdf4c65d3045c109483

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

UpdateWindow
LoadCursorA
ShowWindow
PostQuitMessage
GetMessageA
EndPaint
DispatchMessageA
BeginPaint
TranslateMessage
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
GetWindowRect
SetWindowPos

kernel32

GetCurrentThreadId
CreateFileA
GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
FindFirstFileA
GetCurrentDirectoryA
FindClose
GetFileSize
FindNextFileA
DeleteFileA
CloseHandle
GetCurrentProcessId
GetCurrentProcess

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.ropf
Size: 512B - Virtual size: 101B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ