2024-03-13_bd9a30a8dd8086c9281746a9e03635eb_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-13_bd9a30a8dd8086c9281746a9e03635eb_cryptolocker
Size

61KB
MD5

bd9a30a8dd8086c9281746a9e03635eb
SHA1

96f6726f4fbd723c6dc1213dfbce951f81cc20e9
SHA256

00d29aef1013a791248c4bd4348b3c6cb89ab5829758f468c49de60380f7e63d
SHA512

860c2743eaeb0be5e43b1945457bc8a82bd75bb397ede915ac8e8e52c8573c12046813566aa0c1a0e63c34efadaab3f41cccc44fac35df52e94ef7eebc9ef456
SSDEEP

1536:btB9g/xtCSKfxLIc//Xr+/AO/kIZ3ft2nVuTKB6nggOlHdUHf5:btng54SMLr+/AO/kIhfoKMHdg

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-13_bd9a30a8dd8086c9281746a9e03635eb_cryptolocker

Files

2024-03-13_bd9a30a8dd8086c9281746a9e03635eb_cryptolocker
.exe windows:5 windows x86 arch:x86

a2bfa209044e11b72a41f731968fdff2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

BeginPaint
DispatchMessageA
DrawTextA
EndPaint
TranslateMessage
PostQuitMessage
ShowWindow
UpdateWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
LoadCursorA
SetWindowPos
GetWindowRect
GetMessageA
DialogBoxParamA

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
GetCurrentDirectoryA
CloseHandle
GetCurrentProcessId
GetCurrentProcess
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ