2024-02-24_21e982904db3e49ee3633653fc66334d_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-24_21e982904db3e49ee3633653fc66334d_cryptolocker
Size

60KB
MD5

21e982904db3e49ee3633653fc66334d
SHA1

c7b20cf45c7af3145220b35271a7cf2b3909f008
SHA256

065ea8606920671d59cbd1594bd6ad1b7bb7ddfa06dfcee6fc6b6a16d4c03ce3
SHA512

666cfe3035e19c810570bb5890e12c1a91990b34bb17b80f28e6f687e004173167dd5a0c7558b33e80258b09a9d1bd0eb5fa4f73510667ce22ccd7e8f9f859bf
SSDEEP

1536:btB9g/xtCSKfxLIc//Xr+/AO/kIZ3ft2nVuTKB6nggOlHdUHNW:btng54SMLr+/AO/kIhfoKMHdp

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-24_21e982904db3e49ee3633653fc66334d_cryptolocker

Files

2024-02-24_21e982904db3e49ee3633653fc66334d_cryptolocker
.exe windows:5 windows x86 arch:x86

a2bfa209044e11b72a41f731968fdff2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

BeginPaint
DispatchMessageA
DrawTextA
EndPaint
TranslateMessage
PostQuitMessage
ShowWindow
UpdateWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
LoadCursorA
SetWindowPos
GetWindowRect
GetMessageA
DialogBoxParamA

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
GetCurrentDirectoryA
CloseHandle
GetCurrentProcessId
GetCurrentProcess
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ