API tools faq
paste
Advertisement
bartblaze

Cryptographic Locker (CryptoLocker copy)

bartblaze
Sep 2nd, 2014
823
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.66 KB | None | 0 0
raw download clone embed print report
  1. Sample ccae2400a50a3f2435d7ef1b11e7497c
  2. Dumped e82872c4039945e9bf1b41ae2e3f12fb
  3. Dropper c32354ee13930113072fdba163dc8ca4
  4.  
  5. Images: http://imgur.com/a/5xf6l
  6.  
  7. (Older sample a489e781db78472dedd657be21aca604)
  8.  
  9.  
  10. pescanner run of ccae2400a50a3f2435d7ef1b11e7497c // original sample //
  11. ################################################################################
  12. Record 0
  13. ################################################################################
  14.  
  15. Meta-data
  16. ================================================================================
  17. File: Locker.exe_
  18. Size: 140800 bytes
  19. Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
  20. MD5: ccae2400a50a3f2435d7ef1b11e7497c
  21. SHA1: 0f86c35697d16b2516601e9472264b87259672f2
  22. ssdeep: 3072:Ey/XPVXCM33kUBfH6rrUi4x0aW8W9MdwmTZ/yArUi:V/MAUUBOrUiUW9UNrUi
  23. Date: 0x5404BD0B [Mon Sep 1 18:38:03 2014 UTC]
  24. EP: 0x41f86e .text 0/3
  25. CRC: Claimed: 0x2dace, Actual: 0x2dace
  26.  
  27. Resource entries
  28. ================================================================================
  29. Name RVA Size Lang Sublang Type
  30. --------------------------------------------------------------------------------
  31. RT_ICON 0x203d0 0x4136 LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
  32. RT_GROUP_ICON 0x24508 0x14 LANG_NEUTRAL SUBLANG_NEUTRAL MS Windows icon resource - 1 icon
  33. RT_VERSION 0x20130 0x2a0 LANG_NEUTRAL SUBLANG_NEUTRAL data
  34. RT_MANIFEST 0x24520 0x1ea LANG_NEUTRAL SUBLANG_NEUTRAL XML document text
  35.  
  36. Sections
  37. ================================================================================
  38. Name VirtAddr VirtSize RawSize Entropy
  39. --------------------------------------------------------------------------------
  40. .text 0x2000 0x1d874 0x1da00 7.525804 [SUSPICIOUS]
  41. .rsrc 0x20000 0x4710 0x4800 7.806567 [SUSPICIOUS]
  42. .reloc 0x26000 0xc 0x200 0.101910 [SUSPICIOUS]
  43.  
  44. Version info
  45. ================================================================================
  46. Translation: 0x0000 0x04b0
  47. LegalCopyright: Copyright \xa9 2014
  48. Assembly Version: 1.0.0.0
  49. InternalName: Locker.exe
  50. FileVersion: 1.0.0.0
  51. ProductName: Locker
  52. ProductVersion: 1.0.0.0
  53. FileDescription: Locker
  54. OriginalFilename: Locker.exe
  55.  
  56.  
  57. Packer: Microsoft Visual C# / Basic .NET
  58.  
  59. PeStudio output: http://i.imgur.com/UseuueX.jpg
  60.  
  61. Samples available at http://kernelmode.info/forum/viewtopic.php?f=16&t=3466
  62. ======================================================= EOF
  63. @bartblaze
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!