mountlocker | c09b509699aeef71f3e205d53c5f4ff71cb48570[.]rl

Sharing

Copy URL

Twitter E-mail

General

Target

c09b509699aeef71f3e205d53c5f4ff71cb48570.rl
Size

77KB
MD5

0aacf2c41ba9b872a52055ffcaeaef15
SHA1

c09b509699aeef71f3e205d53c5f4ff71cb48570
SHA256

31630d16f4564c7a214a206a58f60b7623cd1b3abb823d10ed50aa077ca33585
SHA512

d259de51d22d72d27d5947530317661b97ba8fcc36e7a2ad4835e98bc311ef1aa5964f939660733171934f6aefa82d8b76a6f9f04137e1aeca63d592f0fb26ec
SSDEEP

1536:rADwfmySY6FIsr4XSZ32tcOGwpin2NI2F4cd:UDwTF6+srGi32tcOGwpin2NMcd

Score

10^/10

mountlocker

Malware Config

Signatures

Detected Mount Locker ransomware 1 IoCs

resource	yara_rule
sample	RANSOM_mountlocker

Mountlocker family
mountlocker

Files

c09b509699aeef71f3e205d53c5f4ff71cb48570.rl
.dll regsvr32 windows x86

3ed064db4497f6c1585d30769313240b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
GetCurrentProcessId
WideCharToMultiByte
SetErrorMode
CreateMutexW
GetWindowsDirectoryW
GetFileSizeEx
UnmapViewOfFile
GetTickCount64
SetFilePointerEx
CreateFileMappingW
MapViewOfFile
Sleep
CreateThread
lstrcmpiW
TerminateProcess
GetDriveTypeW
GetCommandLineW
GetModuleFileNameW
ExitProcess
lstrlenA
GetComputerNameA
GetTempPathW
CreateProcessW
GetTickCount
GetConsoleScreenBufferInfo
GetStdHandle
WriteConsoleA
SetConsoleCursorPosition
AllocConsole
GetSystemDirectoryW
OpenProcess
GetCurrentProcess
CloseHandle
CreateFileW
WriteFile
lstrcpyW
GetProcessHeap
LocalFree
HeapAlloc
lstrcatW
GetLastError
FindClose
lstrlenW
FindNextFileW
HeapFree
FindFirstFileW
MoveFileW
GetVolumeInformationW

advapi32

CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptReleaseContext
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetEntriesInAclA
AllocateAndInitializeSid
FreeSid
SetNamedSecurityInfoW
GetNamedSecurityInfoW
CryptAcquireContextW

msvcrt

_vsnprintf
_getch
memcpy
memset

shlwapi

SHRegSetUSValueW
StrStrIA
StrStrIW
StrCmpIW

ntdll

ZwQuerySystemInformation

user32

wsprintfW
CharLowerW

Exports

Exports

DllInstall
DllRegisterServer
Start

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

bss
Size: - Virtual size: 36B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ed064db4497f6c1585d30769313240b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

msvcrt

shlwapi

ntdll

user32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

bss Size: - Virtual size: 36B

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 29KB - Virtual size: 30KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 8KB - Virtual size: 8KB

bss
Size: - Virtual size: 36B

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 29KB - Virtual size: 30KB

.reloc
Size: 6KB - Virtual size: 6KB