2024-02-22_df979abb2dc9578d52cbabd4c75bc563_cryptolocker | Triage

Sharing

General

Target

2024-02-22_df979abb2dc9578d52cbabd4c75bc563_cryptolocker
Size

52KB
MD5

df979abb2dc9578d52cbabd4c75bc563
SHA1

930d23d77eef96d898a06bf94db4a729f4a9c6eb
SHA256

273276274b148c9c2918efe930d314a84e95ce199acb6657440f986199c68d5e
SHA512

d5b3b8bb60fc4918ef95ec9ab497253c6acf2f44614ec4ea1b0fff1156b3c12aee431b91e101f511759c49e2cd8c19cc9e22c9d9d055d2752bb85e0f584f41da
SSDEEP

768:bIDOw9UiaCHfjnE0Sfa7ilR0p9u6p4ICNBCXK9XbTbmhTymd:bIDOw9a0DwitDZzcT2d

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-22_df979abb2dc9578d52cbabd4c75bc563_cryptolocker

Files

2024-02-22_df979abb2dc9578d52cbabd4c75bc563_cryptolocker
.exe windows:5 windows x86 arch:x86

0bcae7989ef60f5550a7f5735f53a2aa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EndPaint
GetMessageA
DispatchMessageA
ShowWindow
UpdateWindow
BeginPaint
TranslateMessage
MoveWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadCursorA
LoadIconA
PostQuitMessage
GetWindowRect

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
FindFirstFileA
FindClose
FindNextFileA
DeleteFileA
CloseHandle
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 506B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ