2024-05-23_f44f39a75d5f7288c81d6c5d36b24cc3_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-23_f44f39a75d5f7288c81d6c5d36b24cc3_cryptolocker
Size

38KB
MD5

f44f39a75d5f7288c81d6c5d36b24cc3
SHA1

d0d91414471b378b2e268956c4484948ba93bf46
SHA256

af1dac8a4dcb883ea8338c1cdea60fa7747e6a2647a2c8b653746efbcf83df4f
SHA512

8515dc608d7392a63b8bb38e45c92a8b5ab7c52843e90ebede6957dd1cb9d9b12d8f24e00163b378fb25ba294428e51a5a61aa63833086f9255efdb2cdd3154c
SSDEEP

384:bM7Q0pjC4GybxMv01d3AcASBQMf6i/zzzcYgUPSznHzl6A0X/EIjxuaPW1:b/yC4GyNM01GuQMNXw2PSjH+PPxVW1

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-23_f44f39a75d5f7288c81d6c5d36b24cc3_cryptolocker

Files

2024-05-23_f44f39a75d5f7288c81d6c5d36b24cc3_cryptolocker
.exe windows:5 windows x86 arch:x86

ad86a1414a0514f4c041167365378f70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EndPaint
GetMessageA
DrawTextA
ShowWindow
UpdateWindow
DispatchMessageA
BeginPaint
TranslateMessage
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
GetWindowRect
LoadCursorA
PostQuitMessage
SetWindowPos

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
FindFirstFileA
GetCurrentDirectoryA
FindClose
FindNextFileA
DeleteFileA
CloseHandle
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ