2024-03-11_7869f7efb72e96d0c7f5fb8b4f52321b_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-11_7869f7efb72e96d0c7f5fb8b4f52321b_cryptolocker
Size

29KB
MD5

7869f7efb72e96d0c7f5fb8b4f52321b
SHA1

948f0d840d648f6ad134732e141cc556bba49582
SHA256

cbefc0d5eea95e9f36ba43d3380c6058738316458a38851d21f0781366be8fe8
SHA512

b3a0e803fe5addd5c8c4c797d2ac1fa55ff0c7b9aba44a70d3ff5cca4286f8fb07f147fb473fa983068a79cef1efb952282f2bcf9215226106d2708e83e02a30
SSDEEP

384:bAvMaNGh4z7CG3POOvbRSLoF/F0QU5XYFnufc/zzo6cMA2:bAvJCYOOvbRPDEgXRcMA2

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-11_7869f7efb72e96d0c7f5fb8b4f52321b_cryptolocker

Files

2024-03-11_7869f7efb72e96d0c7f5fb8b4f52321b_cryptolocker
.exe windows:5 windows x86 arch:x86

5a4767bc6f06914cff6e249c178e3b95

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DispatchMessageA
DrawTextA
EndPaint
BeginPaint
PostQuitMessage
ShowWindow
UpdateWindow
TranslateMessage
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
LoadCursorA
SetWindowPos
GetWindowRect
GetMessageA
DialogBoxParamA

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
GetCurrentDirectoryA
CloseHandle
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ