2024-05-15_bc8b60062177ee13b5b5333a88d4b0c6_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-15_bc8b60062177ee13b5b5333a88d4b0c6_cryptolocker
Size

34KB
MD5

bc8b60062177ee13b5b5333a88d4b0c6
SHA1

42762d13d05350fff7ec9c1d4fd0dd52bb5eda6d
SHA256

147329afdde1a49ddb55d7fb3f75d39033fc4f31be655964aa0ba70c9c269d98
SHA512

6483713e6c587fd315a7369da815c93cfc3dbd4ce267492c9c95ffe1e91dc685ccd40c0105252084e040f9de1e2d27eee142833d4d3f06d1a2b68ccc3a8a1069
SSDEEP

768:bxNQIE0eBhkL2Fo1CCwgfjOg9Arbkzos5R:bxNrC7kYo1Fxf2rY9

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-15_bc8b60062177ee13b5b5333a88d4b0c6_cryptolocker

Files

2024-05-15_bc8b60062177ee13b5b5333a88d4b0c6_cryptolocker
.exe windows:5 windows x86 arch:x86

3c4da9ed0ba02990af7795e358bfd650

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

PostQuitMessage
GetMessageA
UpdateWindow
EndPaint
DispatchMessageA
BeginPaint
TranslateMessage
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
GetWindowRect
LoadCursorA
ShowWindow
SetWindowPos

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
FindFirstFileA
GetCurrentDirectoryA
FindClose
FindNextFileA
DeleteFileA
CloseHandle
GetCurrentProcess
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 518B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ