2024-04-27_b046677392873efdc8545fa6345cd417_cryptolocker | Triage

Sharing

General

Target

2024-04-27_b046677392873efdc8545fa6345cd417_cryptolocker
Size

36KB
MD5

b046677392873efdc8545fa6345cd417
SHA1

75bf21038f9e15e2834253325447ee8b40b0c41a
SHA256

a98917e500f5e9c5377d58317a43237bfc0f8036c4a6eb366494bd6577769c94
SHA512

1f0c3cde36ff3410d4f0f8f32cf191e46dcb9a55623fc35df4539c0dcd8d6b0a43d6e9c9174e229e6be80b5b7c9a69c76ed53e8b222100c083c5165b5f411f70
SSDEEP

768:b7o/2n1TCraU6GD1a4Xt9bRU6zA6o36mI3:bc/y2lLRU6zA6qQ

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-27_b046677392873efdc8545fa6345cd417_cryptolocker

Files

2024-04-27_b046677392873efdc8545fa6345cd417_cryptolocker
.exe windows:5 windows x86 arch:x86

78f4abb8610ca1c22ad9f81ecfabcc3c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

TranslateMessage
BeginPaint
DispatchMessageA
DrawTextA
CreateWindowExA
GetMessageA
PostQuitMessage
ShowWindow
UpdateWindow
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
LoadCursorA
SetWindowPos
GetWindowRect
EndPaint
DialogBoxParamA

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
GetCurrentDirectoryA
CloseHandle
GetCurrentProcess
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ