2024-06-14_33a5d31a98252e33505837588cad0d9d_cryptolocker

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-14_33a5d31a98252e33505837588cad0d9d_cryptolocker
Size

45KB
MD5

33a5d31a98252e33505837588cad0d9d
SHA1

68ac4212fa941c51354a77337c72fd9395f72e46
SHA256

a6962899f0ecc71787970bf635d23363835c7801242a57d8de63134d869cc5ae
SHA512

c4174104fd5a74776e3069aa6d9e74ee21640fca0a000f117abaa56f66ccd504a30cbf252cb89fe69be5a5e4a99763f381ae60e29f1b4e2241d8548e1f075b8b
SSDEEP

768:bao/2n1TCraU6GD1a4X1XOQ69zbjlAAX5e9zU:bF/y2lFizbR9XwzU

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Files

2024-06-14_33a5d31a98252e33505837588cad0d9d_cryptolocker
.exe windows:5 windows x86 arch:x86

78f4abb8610ca1c22ad9f81ecfabcc3c

Code Sign

33:00:00:04:39:f6:1f:7a:67:6d:a0:00:af:00:00:00:00:04:39
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:25

Not After

01-09-2022 18:25

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:33

Not After

01-09-2022 18:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ae:b0:38:5f:53:b2:8d:3c:f7:73:71:e3:78:ca:6c:a0:16:16:03:31:d4:fd:d8:ca:84:64:80:17:6e:bf:1d:79
Signer

Actual PE Digest

ae:b0:38:5f:53:b2:8d:3c:f7:73:71:e3:78:ca:6c:a0:16:16:03:31:d4:fd:d8:ca:84:64:80:17:6e:bf:1d:79

Digest Algorithm

sha256

PE Digest Matches

false

ae:b0:38:5f:53:b2:8d:3c:f7:73:71:e3:78:ca:6c:a0:16:16:03:31:d4:fd:d8:ca:84:64:80:17:6e:bf:1d:79
Signer

Actual PE Digest

ae:b0:38:5f:53:b2:8d:3c:f7:73:71:e3:78:ca:6c:a0:16:16:03:31:d4:fd:d8:ca:84:64:80:17:6e:bf:1d:79

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

TranslateMessage
BeginPaint
DispatchMessageA
DrawTextA
CreateWindowExA
GetMessageA
PostQuitMessage
ShowWindow
UpdateWindow
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
LoadCursorA
SetWindowPos
GetWindowRect
EndPaint
DialogBoxParamA

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
GetCurrentDirectoryA
CloseHandle
GetCurrentProcess
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78f4abb8610ca1c22ad9f81ecfabcc3c

Code Sign

33:00:00:04:39:f6:1f:7a:67:6d:a0:00:af:00:00:00:00:04:39Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

ae:b0:38:5f:53:b2:8d:3c:f7:73:71:e3:78:ca:6c:a0:16:16:03:31:d4:fd:d8:ca:84:64:80:17:6e:bf:1d:79Signer

ae:b0:38:5f:53:b2:8d:3c:f7:73:71:e3:78:ca:6c:a0:16:16:03:31:d4:fd:d8:ca:84:64:80:17:6e:bf:1d:79Signer

Headers

File Characteristics

Imports

user32

kernel32

gdi32

Sections

.text Size: 11KB - Virtual size: 10KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 10KB - Virtual size: 10KB

33:00:00:04:39:f6:1f:7a:67:6d:a0:00:af:00:00:00:00:04:39
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

ae:b0:38:5f:53:b2:8d:3c:f7:73:71:e3:78:ca:6c:a0:16:16:03:31:d4:fd:d8:ca:84:64:80:17:6e:bf:1d:79
Signer

ae:b0:38:5f:53:b2:8d:3c:f7:73:71:e3:78:ca:6c:a0:16:16:03:31:d4:fd:d8:ca:84:64:80:17:6e:bf:1d:79
Signer

.text
Size: 11KB - Virtual size: 10KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 10KB - Virtual size: 10KB