2024-04-19_f5e6d95a0fc4b90ee76eb935a810f676_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-19_f5e6d95a0fc4b90ee76eb935a810f676_cryptolocker
Size

39KB
MD5

f5e6d95a0fc4b90ee76eb935a810f676
SHA1

cd29844348bc9c0f3e8d4b03ee9e344727d54475
SHA256

fb6675cd93ca0dbe6631f7cc6042fc3e3c6ad91b34cb7c99292f41ce43db9b5e
SHA512

44b0b03ac15b7d1ff2236e2e7afa04bb5fd66cf6d0311223fb3156f887cc310e35fd34d8b8acdb12b84d7de6198e3039a3bbda1e484c5dc13472e14e5d7c471b
SSDEEP

384:btBYQg/WIEhUCSNyepEjYnDOAlzVol6U/zzo+tkq4XDIwNiJXxXunKzH15U/Es:btB9g/WItCSsAGjX7e9N0hunKLY3

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-19_f5e6d95a0fc4b90ee76eb935a810f676_cryptolocker

Files

2024-04-19_f5e6d95a0fc4b90ee76eb935a810f676_cryptolocker
.exe windows:5 windows x86 arch:x86

a2bfa209044e11b72a41f731968fdff2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

BeginPaint
DispatchMessageA
DrawTextA
EndPaint
TranslateMessage
PostQuitMessage
ShowWindow
UpdateWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
LoadCursorA
SetWindowPos
GetWindowRect
GetMessageA
DialogBoxParamA

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
GetCurrentDirectoryA
CloseHandle
GetCurrentProcessId
GetCurrentProcess
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ