2024-03-08_f97d63396f8544c8e38d6bf57f879404_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-08_f97d63396f8544c8e38d6bf57f879404_cryptolocker
Size

49KB
MD5

f97d63396f8544c8e38d6bf57f879404
SHA1

a4c9b37cd7f9a1ab2be29b9bcb4eac40bb278b49
SHA256

8fc7b35ae9f9da2804bb4e4f5e1728a218b05b6e2087a2a0e2ac6c885a7cc1f0
SHA512

7dc3e2087b0f9239a85372ece4042fbd42c949306e870cf8c7b4fbb1243132a2f28b852d61b2c060d4ee499e5b25034a05206c5ac11021fd3be87d2495aa3556
SSDEEP

768:btB9g/WItCSsAGjX7r3BPOMHoc/QQJP5wjvaHYwiqN:btB9g/xtCSKfxLIc/E1aN

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-08_f97d63396f8544c8e38d6bf57f879404_cryptolocker

Files

2024-03-08_f97d63396f8544c8e38d6bf57f879404_cryptolocker
.exe windows:5 windows x86 arch:x86

a2bfa209044e11b72a41f731968fdff2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

BeginPaint
DispatchMessageA
DrawTextA
EndPaint
TranslateMessage
PostQuitMessage
ShowWindow
UpdateWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
LoadCursorA
SetWindowPos
GetWindowRect
GetMessageA
DialogBoxParamA

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
GetCurrentDirectoryA
CloseHandle
GetCurrentProcessId
GetCurrentProcess
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ