2024-03-14_baee7028975eec83466360736954fd11_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-14_baee7028975eec83466360736954fd11_cryptolocker
Size

40KB
MD5

baee7028975eec83466360736954fd11
SHA1

e8d8f4f4d9bf818689994f1c5e8c76de50ea77af
SHA256

8c14989c3341b09fb74e7a95f029498179b1c934b2268a7ce5698816843bed55
SHA512

8317f79f461ba31a85958d0146e71bdd7024212b1e98a7544c11376c47e512fae5a49569072eb33a02e4c690d6e9af7beab187c17a7d726a07a52a0a9e4df6cb
SSDEEP

384:bAvMaNGh4z7CG3POOvbRSLoF/F0QU5XYFnufc/zzoiM8Nekdvjl9V50i3NbF0QkJ:bAvJCYOOvbRPDEgXrNekd7l94i3pF0v

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-14_baee7028975eec83466360736954fd11_cryptolocker

Files

2024-03-14_baee7028975eec83466360736954fd11_cryptolocker
.exe windows:5 windows x86 arch:x86

5a4767bc6f06914cff6e249c178e3b95

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DispatchMessageA
DrawTextA
EndPaint
BeginPaint
PostQuitMessage
ShowWindow
UpdateWindow
TranslateMessage
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
LoadCursorA
SetWindowPos
GetWindowRect
GetMessageA
DialogBoxParamA

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
GetCurrentDirectoryA
CloseHandle
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ