2024-06-04_c60be5c4a8ddef9741ff2a8333cce1a6_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-04_c60be5c4a8ddef9741ff2a8333cce1a6_cryptolocker
Size

37KB
MD5

c60be5c4a8ddef9741ff2a8333cce1a6
SHA1

1eff59ad1b17564d79c20c0d345db70fcf78072f
SHA256

6a152c199c9174093133ebab0ff511b7a592d41e0d5de6359d1f0c613f413461
SHA512

08b1109a07376024063794f1f94d2c4f8685c8312d37b6c63a906bc48585572eb32d5a4f5fb0665f2297f3fbffbe0544546898845f5f0480ce147e3480aeed24
SSDEEP

384:btBYQg/WIEhUCSNyepEjYnDOAlzVol6U/zzo+tkq4l8tFFxE2B0qvoLUZ61VSl3a:btB9g/WItCSsAGjX7r3BTmUQ1VmC0M

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-04_c60be5c4a8ddef9741ff2a8333cce1a6_cryptolocker

Files

2024-06-04_c60be5c4a8ddef9741ff2a8333cce1a6_cryptolocker
.exe windows:5 windows x86 arch:x86

a2bfa209044e11b72a41f731968fdff2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

BeginPaint
DispatchMessageA
DrawTextA
EndPaint
TranslateMessage
PostQuitMessage
ShowWindow
UpdateWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
LoadCursorA
SetWindowPos
GetWindowRect
GetMessageA
DialogBoxParamA

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
GetCurrentDirectoryA
CloseHandle
GetCurrentProcessId
GetCurrentProcess
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ