mountlocker | ed6e7169456ef1f41f6a45812dda7d98_JaffaCakes118

Resubmissions

30-04-2024 05:29

240430-f6xncade75 10

11-04-2024 13:06

240411-qb4taafb9w 10

11-04-2024 12:33

240411-pq9seaeg2z 10

Sharing

Copy URL

Twitter E-mail

General

Target

ed6e7169456ef1f41f6a45812dda7d98_JaffaCakes118
Size

56KB
MD5

ed6e7169456ef1f41f6a45812dda7d98
SHA1

c82733e2d394b272db6cbf49aa8a1207c8d9fb87
SHA256

85b53edb2e3476bdb29f98bd19c56baa0205e6620917e654cbe81c9745d6193d
SHA512

0e7d3dbe68de4301501df68b1eeb36bf68ca3ea61091710352f68f09f8f9b8b96888ccb2419330b2fbd7b592bd98b583aaea818345c87d591b9b0a96845b8d87
SSDEEP

768:65h+QW4yKs5INTjabOSQwrPG12nFb5GnVWs6k:63XWNKQ2jnSQyNnFbgN

Score

10^/10

mountlocker

Malware Config

Signatures

Detected Mount Locker ransomware 1 IoCs

resource	yara_rule
sample	RANSOM_mountlocker

Mountlocker family
mountlocker

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ed6e7169456ef1f41f6a45812dda7d98_JaffaCakes118

Files

ed6e7169456ef1f41f6a45812dda7d98_JaffaCakes118
.dll windows:5 windows x86 arch:x86

deaeac6ea99cefbd56d96a5bd85d0481

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

activeds

ord9

kernel32

GetCurrentProcess
ReleaseSemaphore
WaitForSingleObject
GetTickCount64
SetEvent
CreateThread
CreateSemaphoreA
CreateEventA
DeviceIoControl
SetFileAttributesW
lstrcmpiW
TerminateThread
ResetEvent
ReadFile
GetFileSizeEx
TlsSetValue
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
TlsGetValue
GetDriveTypeW
GetCommandLineW
QueryPerformanceFrequency
SetErrorMode
lstrlenA
TlsAlloc
GetComputerNameA
TerminateProcess
OpenProcess
lstrcmpiA
GetModuleFileNameW
GetTempPathW
CreateProcessW
GetSystemInfo
GetComputerNameW
GlobalMemoryStatus
DeleteFileW
CopyFileW
GetConsoleScreenBufferInfo
EnterCriticalSection
GetStdHandle
LeaveCriticalSection
InitializeCriticalSection
WriteConsoleW
DeleteCriticalSection
SetConsoleCursorPosition
AllocConsole
QueryPerformanceCounter
GetTickCount
Sleep
WideCharToMultiByte
GetCurrentProcessId
HeapReAlloc
SetLastError
CloseHandle
CreateFileW
WriteFile
GetLastError
FindClose
FindNextFileW
HeapFree
FindFirstFileW
GetVolumeInformationW
lstrcpyW
GetProcessHeap
HeapAlloc
lstrcatW
lstrlenW
ExitProcess

advapi32

LookupAccountSidW
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
EnumServicesStatusA
CreateServiceW
CloseServiceHandle
OpenSCManagerW
OpenSCManagerA
DeleteService
ControlService
StartServiceW
QueryServiceStatusEx
OpenServiceA
CryptDestroyKey
CryptAcquireContextW
CryptEncrypt
CryptImportKey
CryptReleaseContext
GetUserNameW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoCreateInstance

netapi32

NetApiBufferFree
NetGetJoinInformation
NetShareEnum
NetGetDCName

shlwapi

StrChrW
StrCmpNIW
StrCmpIW
StrStrIW
StrStrIA
SHRegSetUSValueW

shell32

CommandLineToArgvW
ord680

msvcrt

memcpy
_getch
_vsnwprintf
feof
fgetws
_wfopen
fclose
memset

oleaut32

SysFreeString
SysAllocString

mpr

WNetEnumResourceW
WNetCancelConnection2W
WNetOpenEnumW
WNetAddConnection2W
WNetCloseEnum

user32

wsprintfW

ntdll

RtlGetNativeSystemInformation
RtlGetVersion
ZwQuerySystemInformation

Exports

Exports

StartW
startW

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

bss
Size: - Virtual size: 104B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

deaeac6ea99cefbd56d96a5bd85d0481

Headers

DLL Characteristics

File Characteristics

Imports

activeds

kernel32

advapi32

ole32

netapi32

shlwapi

shell32

msvcrt

oleaut32

mpr

user32

ntdll

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 18KB

bss Size: - Virtual size: 104B

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 16KB - Virtual size: 17KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 19KB - Virtual size: 18KB

bss
Size: - Virtual size: 104B

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 16KB - Virtual size: 17KB

.reloc
Size: 2KB - Virtual size: 1KB