2024-06-04_3595ea09a88a320d90c08f2466b8b00f_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-04_3595ea09a88a320d90c08f2466b8b00f_cryptolocker
Size

63KB
MD5

3595ea09a88a320d90c08f2466b8b00f
SHA1

9190628b369ed4771159433a76d470cd17e474c5
SHA256

faa3bd983f6a4ab9f0d989518dffb1ec3c9fa432114e7445d75b431f0faa285d
SHA512

5af0dab045c102e6486942f65a59f40663ed27525a3564ad8bd89ad8f4c4213be8ad0bed59bb999b2792bdfabf4c173f5f1b27633bda9a5a43cdd65c5a88632d
SSDEEP

1536:btB9g/xtCSKfxLIc//Xr+/AO/kIZ3ft2nVuTKB6nggOlHdUHZnF7Hp:btng54SMLr+/AO/kIhfoKMHda3

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-04_3595ea09a88a320d90c08f2466b8b00f_cryptolocker

Files

2024-06-04_3595ea09a88a320d90c08f2466b8b00f_cryptolocker
.exe windows:5 windows x86 arch:x86

a2bfa209044e11b72a41f731968fdff2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

BeginPaint
DispatchMessageA
DrawTextA
EndPaint
TranslateMessage
PostQuitMessage
ShowWindow
UpdateWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
LoadCursorA
SetWindowPos
GetWindowRect
GetMessageA
DialogBoxParamA

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
GetCurrentDirectoryA
CloseHandle
GetCurrentProcessId
GetCurrentProcess
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ