2024-05-01_437b9a86d6d5da9db870aabc9d140489_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-01_437b9a86d6d5da9db870aabc9d140489_cryptolocker
Size

43KB
MD5

437b9a86d6d5da9db870aabc9d140489
SHA1

c1d2571b174a2b13344d2c2ed23b3e5caa14fe79
SHA256

c6560e960cc813400d572211aa046062304b3681404b7dec5a021b200be6aab8
SHA512

90e6263367162c4bd3058a9c06b6c0a7a3beb96bdf8d847b1cd6c12fe858d4fd59f4c8c73a8d7e81a8335f7f009be0089a9b3263f0cc67d6f28b5b0712da4719
SSDEEP

384:bm74uGLLQRcsdeQ72ngEr4K7YmE8jo0nrlwfjDUwcR:bm74zYcgT/Ekn0ryfjZo

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-01_437b9a86d6d5da9db870aabc9d140489_cryptolocker

Files

2024-05-01_437b9a86d6d5da9db870aabc9d140489_cryptolocker
.exe windows:5 windows x86 arch:x86

021d5e7849e90fdf4c65d3045c109483

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

UpdateWindow
LoadCursorA
ShowWindow
PostQuitMessage
GetMessageA
EndPaint
DispatchMessageA
BeginPaint
TranslateMessage
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
GetWindowRect
SetWindowPos

kernel32

GetCurrentThreadId
CreateFileA
GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
FindFirstFileA
GetCurrentDirectoryA
FindClose
GetFileSize
FindNextFileA
DeleteFileA
CloseHandle
GetCurrentProcessId
GetCurrentProcess

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.htext
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE