2024-04-24_2d00129cb97b448e739d489051bb478f_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-24_2d00129cb97b448e739d489051bb478f_cryptolocker
Size

36KB
MD5

2d00129cb97b448e739d489051bb478f
SHA1

c983a2d36da6271a81c235d319c877e7d5bec7c6
SHA256

627bf028afc245dd2e26861f99b17a36977e04e60ffc0d5cfecfb58324a961d9
SHA512

14d3baef1381b6582b7ea828302d98bcca1ef8fdccf87adb2f53df1d0e1402247cc0ac15dfe5e2cc30cd0b8794297304e66d5cd6f35ed498c26f510eb5900da9
SSDEEP

768:b7o/2n1TCraU6GD1a4Xt9bRU6zA6o36mv:bc/y2lLRU6zA6qv

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-24_2d00129cb97b448e739d489051bb478f_cryptolocker

Files

2024-04-24_2d00129cb97b448e739d489051bb478f_cryptolocker
.exe windows:5 windows x86 arch:x86

78f4abb8610ca1c22ad9f81ecfabcc3c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

TranslateMessage
BeginPaint
DispatchMessageA
DrawTextA
CreateWindowExA
GetMessageA
PostQuitMessage
ShowWindow
UpdateWindow
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
LoadCursorA
SetWindowPos
GetWindowRect
EndPaint
DialogBoxParamA

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
GetCurrentDirectoryA
CloseHandle
GetCurrentProcess
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ