2024-03-27_4b97ecf1dc32157eee885da85f78e094_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-27_4b97ecf1dc32157eee885da85f78e094_cryptolocker
Size

35KB
MD5

4b97ecf1dc32157eee885da85f78e094
SHA1

8d4752bc3a8b6ab9bc45dd18c6fecc991ea9a5c3
SHA256

5d20590b3d1f4607e44cd44722bceb392424f66aad54ee2015950dd36bc4e148
SHA512

de80a971a3acb3023fc8e6df78a166b2be81e406c622bd9915d7abad259140569cc227519af0dc2d86008b0c11b72d68bd792bb591924b3dca17b81aed4c22de
SSDEEP

384:btBYQg/WIEhUCSNyepEjYnDOAlzVol6U/zzo+tkq4XDIwNiJXxXunRSyh:btB9g/WItCSsAGjX7e9N0hunRvh

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-27_4b97ecf1dc32157eee885da85f78e094_cryptolocker

Files

2024-03-27_4b97ecf1dc32157eee885da85f78e094_cryptolocker
.exe windows:5 windows x86 arch:x86

a2bfa209044e11b72a41f731968fdff2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

BeginPaint
DispatchMessageA
DrawTextA
EndPaint
TranslateMessage
PostQuitMessage
ShowWindow
UpdateWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
LoadCursorA
SetWindowPos
GetWindowRect
GetMessageA
DialogBoxParamA

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
GetCurrentDirectoryA
CloseHandle
GetCurrentProcessId
GetCurrentProcess
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ