2024-03-25_c8681c942d77a1b71268ec733e8dbaf6_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-25_c8681c942d77a1b71268ec733e8dbaf6_cryptolocker
Size

32KB
MD5

c8681c942d77a1b71268ec733e8dbaf6
SHA1

8b3a58433cf9604e75ade999f211109c1caf4516
SHA256

b4c5f3e8cd8ff4b47481c58dfbad978a1e783da43e4f55362a4646719493604d
SHA512

c35c9dea52ed51c0f8ba2282a2fded1b61053d0e247dfd0c6d0d6058c17fa487c4e43b14309952b1b02394752644afd61cd91bef7027174e66d1571f9a39e386
SSDEEP

384:bmM0V/YPvnr801TRoUGPh4TKt6ATt1DqgPa3s/zzoCt9RDE1GulO:b7o/2n1TCraU6GD1a4Xt9RDug

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-25_c8681c942d77a1b71268ec733e8dbaf6_cryptolocker

Files

2024-03-25_c8681c942d77a1b71268ec733e8dbaf6_cryptolocker
.exe windows:5 windows x86 arch:x86

78f4abb8610ca1c22ad9f81ecfabcc3c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

TranslateMessage
BeginPaint
DispatchMessageA
DrawTextA
CreateWindowExA
GetMessageA
PostQuitMessage
ShowWindow
UpdateWindow
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
LoadCursorA
SetWindowPos
GetWindowRect
EndPaint
DialogBoxParamA

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
GetCurrentDirectoryA
CloseHandle
GetCurrentProcess
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ