2024-03-20_4d2fc1f1b343614eac7b0a49e787f109_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-20_4d2fc1f1b343614eac7b0a49e787f109_cryptolocker
Size

35KB
MD5

4d2fc1f1b343614eac7b0a49e787f109
SHA1

4432ae5a15e26b72ff1bf0abd3cf3baa4e95aa2b
SHA256

bbe7bb13c0fc72d0de0da6c729541f351e0c5c4d2be6209c2c80ecd0d82afe65
SHA512

64eda1d41b1af6b7bff9536dfed70a53a82480ab356226e9743a92ece190294afe5d7e1ea60e4d00b4a4e6451b638e6893c6100f63f5994416a8c0a54289ba7a
SSDEEP

768:b/yC4GyNM01GuQMNXw2PSjHC02ltA7923:b/pYayGig5HC02g79+

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-20_4d2fc1f1b343614eac7b0a49e787f109_cryptolocker

Files

2024-03-20_4d2fc1f1b343614eac7b0a49e787f109_cryptolocker
.exe windows:5 windows x86 arch:x86

ad86a1414a0514f4c041167365378f70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EndPaint
GetMessageA
DrawTextA
ShowWindow
UpdateWindow
DispatchMessageA
BeginPaint
TranslateMessage
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
GetWindowRect
LoadCursorA
PostQuitMessage
SetWindowPos

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
FindFirstFileA
GetCurrentDirectoryA
FindClose
FindNextFileA
DeleteFileA
CloseHandle
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ