2024-03-05_d2dbee5e1a3c8b9b17d7629ea00b8ea5_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-05_d2dbee5e1a3c8b9b17d7629ea00b8ea5_cryptolocker
Size

35KB
MD5

d2dbee5e1a3c8b9b17d7629ea00b8ea5
SHA1

5bbc57e818d332acc7630d1f242eadfdff277f0d
SHA256

ddb7fb671fe808000a53ead674e2c8abdd270f0704bb043371037b593a5a17ae
SHA512

ee16316b0be1dc1649d34f57f0ae3300f529cc682576fd7e3c20f1a5a81e3f9d5111e2975e31bc16113e18c3dd28a03c8b2ed5815d3827434d0b54b7c0e89116
SSDEEP

384:btBYQg/WIEhUCSNyepEjYnDOAlzVol6U/zzo+tkq4XDIwNiA0f9HMfeZiO/c:btB9g/WItCSsAGjX7e9N8sfAI

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-05_d2dbee5e1a3c8b9b17d7629ea00b8ea5_cryptolocker

Files

2024-03-05_d2dbee5e1a3c8b9b17d7629ea00b8ea5_cryptolocker
.exe windows:5 windows x86 arch:x86

a2bfa209044e11b72a41f731968fdff2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

BeginPaint
DispatchMessageA
DrawTextA
EndPaint
TranslateMessage
PostQuitMessage
ShowWindow
UpdateWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
LoadCursorA
SetWindowPos
GetWindowRect
GetMessageA
DialogBoxParamA

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
GetCurrentDirectoryA
CloseHandle
GetCurrentProcessId
GetCurrentProcess
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ