Behavioral task: behavioral1
Sample: 0aa8099c5a65062ba4baec8274e1a0650ff36e757a91312e1755fded50a79d47.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 0aa8099c5a65062ba4baec8274e1a0650ff36e757a91312e1755fded50a79d47.exe
Resource: win10v2004-20220901-en
General
Target: 0aa8099c5a65062ba4baec8274e1a0650ff36e757a91312e1755fded50a79d47.exe
Size: 94KB
MD5: b63a8bfdf7df9f9dd8c3bedb99b6f8ff
SHA1: 9e61b0960ac40452067720e8839b71ef10c05949
SHA256: 0aa8099c5a65062ba4baec8274e1a0650ff36e757a91312e1755fded50a79d47
SHA512: 8a1ae8c6fde917e6a53f33a13cef8065a90a6b31a84f4b8effbd1527ad1769d4712e37e31e65594aaea35d4bad80a0c0499404e8267c305500f8ed4ce5fa304b
SSDEEP: 1536:zumzFe61Icro3yJn2ds+Gwpin2MR1n7H7ur/5WgS09clN1dtVl1dFt9lN1dtV9lK:zuP6ucrWSn2ds+Gwpin2mMr/UH0S
Malware Config
Signatures
Detected Mount Locker ransomware (1 IoCs)
resource: sample, yara_rule: RANSOM_mountlocker
Mountlocker family
Files
0aa8099c5a65062ba4baec8274e1a0650ff36e757a91312e1755fded50a79d47.exe.exe windows x64
5b0578e18ca22d381728c9f353967246
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
msvcrt
_getch
_vsnprintf
memset
kernel32
GetCurrentProcess
TerminateProcess
OpenProcess
HeapReAlloc
GetCurrentProcessId
WideCharToMultiByte
SetErrorMode
CreateMutexW
GetWindowsDirectoryW
GetFileSizeEx
UnmapViewOfFile
GetTickCount64
SetFilePointerEx
CreateFileMappingW
MapViewOfFile
CreateFileW
CreateThread
lstrcmpiW
MoveFileW
GetDriveTypeW
GetCommandLineW
GetModuleFileNameW
ExitProcess
WriteFile
GetComputerNameA
GetTempPathW
CreateProcessW
GetTickCount
GetConsoleScreenBufferInfo
GetStdHandle
WriteConsoleA
SetConsoleCursorPosition
AllocConsole
GetSystemDirectoryW
lstrcpyW
GetProcessHeap
LocalFree
HeapAlloc
lstrcatW
GetLastError
FindClose
lstrlenW
FindNextFileW
HeapFree
FindFirstFileW
GetVolumeInformationW
CloseHandle
Sleep
lstrlenA
shlwapi
StrStrIA
StrCmpIW
SHRegSetUSValueW
StrStrIW
ntdll
ZwQuerySystemInformation
user32
wsprintfW
CharLowerW
advapi32
CryptEncrypt
CryptImportKey
SetNamedSecurityInfoW
GetNamedSecurityInfoW
AllocateAndInitializeSid
SetEntriesInAclA
CryptAcquireContextW
CryptDestroyKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CryptReleaseContext
FreeSid
Sections
.text Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
bss Size: - Virtual size: 48B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 41KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 408B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ