mountlocker | 6f9bed90c1d6df1c7b259f832130b5fef5e0d0c9dc6c2564dad53dc0ca30bb0e_unpacked

Sharing

Copy URL

Twitter E-mail

General

Target

6f9bed90c1d6df1c7b259f832130b5fef5e0d0c9dc6c2564dad53dc0ca30bb0e_unpacked
Size

68KB
MD5

49d8bd6dcaa501ca742bd686c161e5e0
SHA1

9acdd840615e4f4cd37f50e66b7bb7bb222d4fca
SHA256

6f9bed90c1d6df1c7b259f832130b5fef5e0d0c9dc6c2564dad53dc0ca30bb0e
SHA512

26d480f4480c99093859d3bb697dacc69c7165fc75603c717db6c1d0959463d7d9a33a32d3e1ec5360b0d031db4b77734f0ebcbf2bafb46b7390e1967d8a7b12
SSDEEP

768:PjzkUtPX7y4J6IjDcGopwx2P+9n+PLcHosFBLtuBDUaDO2y:0aXG4HtEPina7AdY3y

Score

10^/10

mountlocker

Malware Config

Signatures

Detected Mount Locker ransomware 1 IoCs

Processes:

resource yara_rule

sample RANSOM_mountlocker
Mountlocker family
mountlocker

resource	yara_rule
sample	RANSOM_mountlocker

Files

6f9bed90c1d6df1c7b259f832130b5fef5e0d0c9dc6c2564dad53dc0ca30bb0e_unpacked
.dll windows x64

78509ad56ec14f7319edbada4c77f54d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ReleaseSemaphore
WaitForSingleObject
GetTickCount64
SetEvent
CreateThread
CreateSemaphoreA
CreateEventA
DeviceIoControl
SetFileAttributesW
lstrcmpiW
TerminateThread
ResetEvent
ReadFile
GetFileSizeEx
TlsSetValue
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
TlsGetValue
GetDriveTypeW
GetCommandLineW
ExitProcess
QueryPerformanceCounter
lstrlenA
TlsAlloc
GetComputerNameA
TerminateProcess
OpenProcess
lstrcmpiA
GetModuleFileNameW
GetTempPathW
CreateProcessW
GetSystemInfo
GetComputerNameW
GlobalMemoryStatus
DeleteFileW
CopyFileW
GetConsoleScreenBufferInfo
EnterCriticalSection
GetStdHandle
LeaveCriticalSection
InitializeCriticalSection
WriteConsoleW
DeleteCriticalSection
SetConsoleCursorPosition
AllocConsole
QueryPerformanceFrequency
GetTickCount
Sleep
GetCurrentProcess
WideCharToMultiByte
GetCurrentProcessId
HeapReAlloc
SetLastError
CloseHandle
CreateFileW
WriteFile
GetLastError
FindClose
FindNextFileW
HeapFree
FindFirstFileW
GetVolumeInformationW
lstrcpyW
GetProcessHeap
HeapAlloc
lstrcatW
lstrlenW
SetErrorMode
RtlVirtualUnwind

activeds

ord9

shell32

CommandLineToArgvW
ord680

mpr

WNetCloseEnum
WNetEnumResourceW
WNetAddConnection2W
WNetOpenEnumW
WNetCancelConnection2W

netapi32

NetGetDCName
NetApiBufferFree
NetShareEnum
NetGetJoinInformation

oleaut32

SysFreeString
SysAllocString

user32

wsprintfW

ole32

CoSetProxyBlanket
CoInitializeEx
CoInitializeSecurity
CoCreateInstance

msvcrt

memcpy
feof
_vsnwprintf
_getch
fgetws
_wfopen
fclose
memset

advapi32

CryptDestroyKey
OpenServiceA
QueryServiceStatusEx
StartServiceW
ControlService
DeleteService
OpenSCManagerA
OpenSCManagerW
CryptAcquireContextW
CreateServiceW
EnumServicesStatusA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetTokenInformation
LookupAccountSidW
GetUserNameW
CloseServiceHandle
CryptReleaseContext
CryptImportKey
CryptEncrypt

ntdll

RtlGetNativeSystemInformation
ZwQuerySystemInformation
RtlGetVersion

shlwapi

StrCmpIW
StrStrIA
StrCmpNIW
SHRegSetUSValueW
StrStrIW
StrChrW

Exports

Exports

StartW
startW

Sections

.text
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

bss
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78509ad56ec14f7319edbada4c77f54d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

activeds

shell32

mpr

netapi32

oleaut32

user32

ole32

msvcrt

advapi32

ntdll

shlwapi

Exports

Exports

Sections

.text Size: 26KB - Virtual size: 28KB

bss Size: 512B - Virtual size: 4KB

.rdata Size: 21KB - Virtual size: 24KB

.data Size: 17KB - Virtual size: 20KB

.pdata Size: 1024B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 212B

.text
Size: 26KB - Virtual size: 28KB

bss
Size: 512B - Virtual size: 4KB

.rdata
Size: 21KB - Virtual size: 24KB

.data
Size: 17KB - Virtual size: 20KB

.pdata
Size: 1024B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 212B