2024-02-19_65995e6a9c8cd4f40fabe4f802017b7f_cryptolocker | Triage

Sharing

General

Target

2024-02-19_65995e6a9c8cd4f40fabe4f802017b7f_cryptolocker
Size

40KB
MD5

65995e6a9c8cd4f40fabe4f802017b7f
SHA1

d353335e6a3ce4142d49e1c5f1826b8792104fa8
SHA256

e47ccd8e3c629d74c1477e3844b05f69ff50b620c2ae60be1369ddf6ae906531
SHA512

0cd7a4af6600b477e90e142965ef28dffebbba276500547ad5ca5b9c8028174b12545bd0b0209a97a5693bd90d6c459355f41cf0dc8e7b9e6ca922297541a6cf
SSDEEP

768:Kf1K2exg2kBwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZsBGGpebVIYLHA3KxO:o1KhxqwtdgI2MyzNORQtOflIwoHNV2X7

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Detection of Cryptolocker Samples 1 IoCs

resource	yara_rule
sample	CryptoLocker_set1

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-19_65995e6a9c8cd4f40fabe4f802017b7f_cryptolocker

Files

2024-02-19_65995e6a9c8cd4f40fabe4f802017b7f_cryptolocker
.exe windows:5 windows x86 arch:x86

db206e36db5c9492ce02c61a679129e2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

BeginPaint
DispatchMessageA
DrawTextA
EndPaint
TranslateMessage
GetMessageA
PostQuitMessage
ShowWindow
UpdateWindow
MoveWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
LoadIconA
DestroyWindow
LoadCursorA
GetClientRect
GetWindowRect

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
DeleteFileA
CloseHandle
CreateFileA

gdi32

DeleteObject
CreateFontIndirectA

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ