2024-03-11_4537c38cdc7bbb1f3524b9f97bbf2857_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-11_4537c38cdc7bbb1f3524b9f97bbf2857_cryptolocker
Size

33KB
MD5

4537c38cdc7bbb1f3524b9f97bbf2857
SHA1

535ed31c4fd867e3a93ed0e437c4e267e6a78894
SHA256

314f8deab3d8771dadc864d6dca9d6edc46d973c477676e49a527b6845c84707
SHA512

0781f3084273c2c5dd7b3b9f4f4d99f8db6fc04cb2338aef7a0d9705b96b9f2aeef19ccca074d3bf3a99ada1d345597b0c7acf4eacefa062ddd90c16b90b0f22
SSDEEP

384:btBYQg/WIEhUCSNyepEjYnDOAlzVol6U/zzo+tkq4l8tFFxE2BoVS71K:btB9g/WItCSsAGjX7r3BoVS70

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-11_4537c38cdc7bbb1f3524b9f97bbf2857_cryptolocker

Files

2024-03-11_4537c38cdc7bbb1f3524b9f97bbf2857_cryptolocker
.exe windows:5 windows x86 arch:x86

a2bfa209044e11b72a41f731968fdff2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

BeginPaint
DispatchMessageA
DrawTextA
EndPaint
TranslateMessage
PostQuitMessage
ShowWindow
UpdateWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
LoadCursorA
SetWindowPos
GetWindowRect
GetMessageA
DialogBoxParamA

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
GetCurrentDirectoryA
CloseHandle
GetCurrentProcessId
GetCurrentProcess
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ