2024-05-20_8ee6bf66f573590b7c5478d914f22f6d_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-20_8ee6bf66f573590b7c5478d914f22f6d_cryptolocker
Size

38KB
MD5

8ee6bf66f573590b7c5478d914f22f6d
SHA1

f3336cfdbac094b514ad968332da08b0b7a9d731
SHA256

2131733d273cff3067fe11fbbca9f0af15784c027a11766c6cddd14d3e84db45
SHA512

2dc221b8b917d89c17fd870d861139949b3e50a2ea00962adef9dd3c48f74448dd1a09cc8e27d131227e6c479876de05dd80d7af147f968fb4a1fbb5b1be828b
SSDEEP

384:bM7Q0pjC4GybxMv01d3AcASBQMf6i/zzzcYgUPSznHzl6A0X/EIjxuaP6:b/yC4GyNM01GuQMNXw2PSjH+PPxV6

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-20_8ee6bf66f573590b7c5478d914f22f6d_cryptolocker

Files

2024-05-20_8ee6bf66f573590b7c5478d914f22f6d_cryptolocker
.exe windows:5 windows x86 arch:x86

ad86a1414a0514f4c041167365378f70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EndPaint
GetMessageA
DrawTextA
ShowWindow
UpdateWindow
DispatchMessageA
BeginPaint
TranslateMessage
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
GetWindowRect
LoadCursorA
PostQuitMessage
SetWindowPos

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
FindFirstFileA
GetCurrentDirectoryA
FindClose
FindNextFileA
DeleteFileA
CloseHandle
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ