Static task
static1
Behavioral task
behavioral1
Sample
2024-05-11_1e42056ed5dd6d3a336bb196efa9dde4_cryptolocker.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
2024-05-11_1e42056ed5dd6d3a336bb196efa9dde4_cryptolocker.exe
Resource
win10v2004-20240508-en
General
-
Target
2024-05-11_1e42056ed5dd6d3a336bb196efa9dde4_cryptolocker
-
Size
33KB
-
MD5
1e42056ed5dd6d3a336bb196efa9dde4
-
SHA1
cf9ec3f39d2ce864aa3861973a8e45977cffdcb2
-
SHA256
ea8587df48e40cbe077ae8f449af7af131acd40168f53d173edea937553b88b3
-
SHA512
e3c29a729c8ea7adc3afc344d341a57fb7633af5fba59cd3edbc5c04f5ba4eb6bdd6e4ca3a2f5ea050e4a95f3d5ba1501bcae5714d2b4b6f1a66d9136eac37a0
-
SSDEEP
768:bxNQIE0eBhkL2Fo1CCwgfjOg9Arbkzos5jmT:bxNrC7kYo1Fxf2rYPK
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
resource yara_rule sample CryptoLocker_rule2 -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-05-11_1e42056ed5dd6d3a336bb196efa9dde4_cryptolocker
Files
-
2024-05-11_1e42056ed5dd6d3a336bb196efa9dde4_cryptolocker.exe windows:5 windows x86 arch:x86
3c4da9ed0ba02990af7795e358bfd650
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
PostQuitMessage
GetMessageA
UpdateWindow
EndPaint
DispatchMessageA
BeginPaint
TranslateMessage
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
GetWindowRect
LoadCursorA
ShowWindow
SetWindowPos
kernel32
GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
FindFirstFileA
GetCurrentDirectoryA
FindClose
FindNextFileA
DeleteFileA
CloseHandle
GetCurrentProcess
CreateFileA
gdi32
CreateFontIndirectA
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 518B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ