2024-04-24_5c1a5bdd22c754644f16b87457e4e5a8_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-24_5c1a5bdd22c754644f16b87457e4e5a8_cryptolocker
Size

33KB
MD5

5c1a5bdd22c754644f16b87457e4e5a8
SHA1

d88dc3095a902d251b36bf12068d5d342425a30c
SHA256

a887645e639b173442fe77992c5963a526829e6b925a3d15f3979e14750c6783
SHA512

9f74550d4402f2fe19579da0e0b8080d3b9a466724f763c2a1c3646d2d15ef82c9fb6b1a00995131de66d49eacf8c2a09b8e2a41153a0646c9b8189762b8ee43
SSDEEP

768:Kf1K2exg2kBwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZsBGGp/YIm7IZ:o1KhxqwtdgI2MyzNORQtOflIwoHNV2Xd

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Detection of Cryptolocker Samples 1 IoCs

resource	yara_rule
sample	CryptoLocker_set1

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-24_5c1a5bdd22c754644f16b87457e4e5a8_cryptolocker

Files

2024-04-24_5c1a5bdd22c754644f16b87457e4e5a8_cryptolocker
.exe windows:5 windows x86 arch:x86

db206e36db5c9492ce02c61a679129e2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

BeginPaint
DispatchMessageA
DrawTextA
EndPaint
TranslateMessage
GetMessageA
PostQuitMessage
ShowWindow
UpdateWindow
MoveWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
LoadIconA
DestroyWindow
LoadCursorA
GetClientRect
GetWindowRect

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
DeleteFileA
CloseHandle
CreateFileA

gdi32

DeleteObject
CreateFontIndirectA

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ