2024-02-28_018df55fc86f4d3f39d1102be9630ac8_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-28_018df55fc86f4d3f39d1102be9630ac8_cryptolocker
Size

40KB
MD5

018df55fc86f4d3f39d1102be9630ac8
SHA1

388d69c68530f16471fb2488d7aacd5670ef0109
SHA256

4c7d82bbbb11c76c7ec80f5fb1885c0c7e1765554836dfcb6d3a9ff9b41ae533
SHA512

ed50137f4e9e7c0d0a7516f1b75f9945f079b656b7ea023c1f8fd9687bf725f4d36ffa06b39ce33d471aa53526fba679c84c9d7d03c05a4ffbfd3bcf79481227
SSDEEP

768:bgX4zYcgTEu6QOaryfjqDDw3sCu5b+rc5vr5:bgGYcA/53GADw8ClrcL

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-28_018df55fc86f4d3f39d1102be9630ac8_cryptolocker

Files

2024-02-28_018df55fc86f4d3f39d1102be9630ac8_cryptolocker
.exe windows:5 windows x86 arch:x86

021d5e7849e90fdf4c65d3045c109483

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

UpdateWindow
LoadCursorA
ShowWindow
PostQuitMessage
GetMessageA
EndPaint
DispatchMessageA
BeginPaint
TranslateMessage
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
GetWindowRect
SetWindowPos

kernel32

GetCurrentThreadId
CreateFileA
GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
FindFirstFileA
GetCurrentDirectoryA
FindClose
GetFileSize
FindNextFileA
DeleteFileA
CloseHandle
GetCurrentProcessId
GetCurrentProcess

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.ropf
Size: 512B - Virtual size: 101B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ