mountlocker | 4b917b60f4df6d6d08e895d179a22dcb7c38c6a6a6f39c96c3ded10368d86273

Sharing

Copy URL

Twitter E-mail

General

Target

4b917b60f4df6d6d08e895d179a22dcb7c38c6a6a6f39c96c3ded10368d86273
Size

77KB
MD5

23ba9903c5073f8637cfb4476ccc86b0
SHA1

268248c43bc4d9f803a1eb6a941b0bd5622d5445
SHA256

4b917b60f4df6d6d08e895d179a22dcb7c38c6a6a6f39c96c3ded10368d86273
SHA512

acdf49c35eaf42c37a57b89053ea24cf8935ed0062060be3903e257396063c1c0257df2a58712d9446a7881140c52be5a29d8c1cf9efdfcb8fea8de6288adc53

Score

10^/10

mountlocker

Malware Config

Signatures

Detected Mount Locker ransomware 1 IoCs

resource	yara_rule
sample	RANSOM_mountlocker

Mountlocker family
mountlocker

Files

4b917b60f4df6d6d08e895d179a22dcb7c38c6a6a6f39c96c3ded10368d86273
.exe windows x86

faf265da7da7d1e04d58cb43dd54f911

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_getch
memcpy
_vsnprintf
memset

user32

wsprintfW
CharLowerW

advapi32

CryptDestroyKey
CryptAcquireContextW
CryptEncrypt
CryptImportKey
CryptReleaseContext
GetNamedSecurityInfoW
SetNamedSecurityInfoW
FreeSid
AllocateAndInitializeSid
SetEntriesInAclA
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

shlwapi

StrCmpIW
StrStrIA
StrStrIW
SHRegSetUSValueW

kernel32

GetSystemDirectoryW
lstrlenA
GetComputerNameA
GetTempPathW
WriteFile
AllocConsole
SetConsoleCursorPosition
WriteConsoleA
GetStdHandle
GetConsoleScreenBufferInfo
GetTickCount
GetVolumeInformationW
FindFirstFileW
HeapFree
FindNextFileW
lstrlenW
FindClose
GetLastError
lstrcatW
HeapAlloc
LocalFree
GetProcessHeap
lstrcpyW
ExitProcess
CreateFileW
CloseHandle
GetCurrentProcess
TerminateProcess
OpenProcess
HeapReAlloc
GetCurrentProcessId
WideCharToMultiByte
SetErrorMode
CreateMutexW
GetWindowsDirectoryW
GetFileSizeEx
UnmapViewOfFile
GetTickCount64
SetFilePointerEx
CreateFileMappingW
MapViewOfFile
Sleep
CreateThread
lstrcmpiW
MoveFileW
GetDriveTypeW
GetCommandLineW
GetModuleFileNameW
CreateProcessW

ntdll

ZwQuerySystemInformation

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

bss
Size: - Virtual size: 32B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

faf265da7da7d1e04d58cb43dd54f911

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

user32

advapi32

shlwapi

kernel32

ntdll

Sections

.text Size: 8KB - Virtual size: 8KB

bss Size: - Virtual size: 32B

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 29KB - Virtual size: 30KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 8KB - Virtual size: 8KB

bss
Size: - Virtual size: 32B

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 29KB - Virtual size: 30KB

.reloc
Size: 6KB - Virtual size: 6KB