2024-02-22_b559c75b82855ff1b504985c7877b5b3_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-22_b559c75b82855ff1b504985c7877b5b3_cryptolocker
Size

59KB
MD5

b559c75b82855ff1b504985c7877b5b3
SHA1

a18a2bee25c2bf85cee9f67f1a8a40d3786326c2
SHA256

73ddb75b33d0848676092e2770ea95e92d2469a1cd2a94cdf885a28d1bce928b
SHA512

4f15ce9b8ef6d4b4c2f9a8d79848c3540d7f554bf52842a1636e6f9e82e242508906882e4728c7d268cc437abe7d5b1a35cf24d74b5bdbcdb5b2bad7b7758f15
SSDEEP

1536:btB9g/xtCSKfxLIc//Xr+/AO/kIZ3ft2nVuTKB6nggOlHdUHTBS:btng54SMLr+/AO/kIhfoKMHdN

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-22_b559c75b82855ff1b504985c7877b5b3_cryptolocker

Files

2024-02-22_b559c75b82855ff1b504985c7877b5b3_cryptolocker
.exe windows:5 windows x86 arch:x86

a2bfa209044e11b72a41f731968fdff2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

BeginPaint
DispatchMessageA
DrawTextA
EndPaint
TranslateMessage
PostQuitMessage
ShowWindow
UpdateWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
LoadCursorA
SetWindowPos
GetWindowRect
GetMessageA
DialogBoxParamA

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
GetCurrentDirectoryA
CloseHandle
GetCurrentProcessId
GetCurrentProcess
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ