2024-06-19_5fa0b44f2516ff6b3981341075e28d8f_cryptolocker | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-19_5fa0b44f2516ff6b3981341075e28d8f_cryptolocker
Size

44KB
MD5

5fa0b44f2516ff6b3981341075e28d8f
SHA1

adcc20e0ce379925a603636567703743b5cbea27
SHA256

20fc6c8616796e01d2dd8e30665d27c68b5eecea49cee32c052b6cf6b82cf64a
SHA512

48a2b8246f3b4db792325610bff5e1e0d06ed0713e2ca09d835685600f795e37d6dc7da64efeffaea24d9b515c9742e12eb9bb1044dc608cd27c8fc1b242b2a7
SSDEEP

384:bm74uGLLQRcsdeQ72ngEr4K7YmE8jb0nrlwfjDUadQut:bm74zYcgT/EkM0ryfjPdQA

Score

10^/10

Malware Config

Signatures

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-19_5fa0b44f2516ff6b3981341075e28d8f_cryptolocker

Files

2024-06-19_5fa0b44f2516ff6b3981341075e28d8f_cryptolocker
.exe windows:5 windows x86 arch:x86

021d5e7849e90fdf4c65d3045c109483

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

UpdateWindow
LoadCursorA
ShowWindow
PostQuitMessage
GetMessageA
EndPaint
DispatchMessageA
BeginPaint
TranslateMessage
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
GetWindowRect
SetWindowPos

kernel32

GetCurrentThreadId
CreateFileA
GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
FindFirstFileA
GetCurrentDirectoryA
FindClose
GetFileSize
FindNextFileA
DeleteFileA
CloseHandle
GetCurrentProcessId
GetCurrentProcess

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.htext
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE