2024-06-08_0ff71f6b0edc8131b9d4b3d2d7e87f63_cryptolocker

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-08_0ff71f6b0edc8131b9d4b3d2d7e87f63_cryptolocker
Size

5.5MB
MD5

0ff71f6b0edc8131b9d4b3d2d7e87f63
SHA1

1e08e91f9a465e139660eb9d8a6e9c2c5232e8e8
SHA256

cb9025778225749f372daabce2da3b9abea49c7cfb1863cdaa863955b73c9c8e
SHA512

d2a1873dda88925eccfff3edf747d9c0b08a9ae1d6319b374752f1452b61a0ff50f933ba8d586fc5dc3be050da74029b1a82c58961fd6656ea4f2dd8a0a7dbd0
SSDEEP

98304:Vd3WWklj4b+ZTRXb81tTFjWYt8nfa9WfkOsm5UfjQNYT/StkkLlDzXgsOUlE8Fb:Vd3Vklsb+ZKyYt8fMtOsm5UfjQNqSKcp

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-08_0ff71f6b0edc8131b9d4b3d2d7e87f63_cryptolocker

Files

2024-06-08_0ff71f6b0edc8131b9d4b3d2d7e87f63_cryptolocker
.exe windows:5 windows x86 arch:x86

d234aa15b2f3e24689c37424e8f7571e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

PostQuitMessage
CharUpperBuffW

kernel32

GetLastError
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

gdi32

CreateFontIndirectA

Sections

.text
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.+o$
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.4nt
Size: - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.htext
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ei;
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.f|z
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.=b=
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d234aa15b2f3e24689c37424e8f7571e

Headers

File Characteristics

Imports

user32

kernel32

gdi32

Sections

.text Size: - Virtual size: 11KB

.rdata Size: - Virtual size: 1KB

.data Size: - Virtual size: 1KB

.+o$ Size: - Virtual size: 10KB

.4nt Size: - Virtual size: 536B

.htext Size: - Virtual size: 4KB

.ei; Size: - Virtual size: 3.0MB

.f|z Size: 1024B - Virtual size: 976B

.=b= Size: 5.5MB - Virtual size: 5.5MB

.rsrc Size: 11KB - Virtual size: 10KB

.text
Size: - Virtual size: 11KB

.rdata
Size: - Virtual size: 1KB

.data
Size: - Virtual size: 1KB

.+o$
Size: - Virtual size: 10KB

.4nt
Size: - Virtual size: 536B

.htext
Size: - Virtual size: 4KB

.ei;
Size: - Virtual size: 3.0MB

.f|z
Size: 1024B - Virtual size: 976B

.=b=
Size: 5.5MB - Virtual size: 5.5MB

.rsrc
Size: 11KB - Virtual size: 10KB