2024-04-10_38c0a57d1c2a6e0d59534b5a034393c7_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-10_38c0a57d1c2a6e0d59534b5a034393c7_cryptolocker
Size

5.5MB
MD5

38c0a57d1c2a6e0d59534b5a034393c7
SHA1

fd190f7f30811dcd0c6b121ae26701fb11f2fad2
SHA256

436484d77af3ddfd168cba6fb943ea9a8f82eda2d47325f613d8fd18bc52cc92
SHA512

ab338f083c12abddea177c53f7d4cef44a2ffe06d50697fb69e9eac0b414d97a14b05e51347d88a8e7a715800d3dd8634a92e548945af9c366ca4a35d40d2414
SSDEEP

98304:ot1QKvyjzO6B3DenIMmzyxD++XsBq+JUieGNt3sB/a1Ed9m+UfC:otTvgz73XMpxDbcwYvt3sFa4OC

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-10_38c0a57d1c2a6e0d59534b5a034393c7_cryptolocker

Files

2024-04-10_38c0a57d1c2a6e0d59534b5a034393c7_cryptolocker
.exe windows:5 windows x86 arch:x86

bca36106945c15cb017b0fa09fb58bca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EndPaint
CharUpperBuffW

kernel32

GetLastError
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

gdi32

CreateFontIndirectA

Sections

.text
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

./Ew
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.[Xk
Size: - Virtual size: 506B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.htext
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Ed@
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.yuc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Lbc
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ