MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 b25818cfa65b13e2be6358f5c28dfae35578d72fea8d0120486d8ec6629a1bf4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 10
| SHA256 hash: | b25818cfa65b13e2be6358f5c28dfae35578d72fea8d0120486d8ec6629a1bf4 |
|---|---|
| SHA3-384 hash: | 6cd627132bf136b72906228e6758fbb2ccb959899f349b67c32d93625e0ee2d1a536446f69fa3ebd05cf2d364e242460 |
| SHA1 hash: | 8c277a2c32d211b5faa0dd65a8872c903e1ed429 |
| MD5 hash: | 5e5043a0455e8652d0a58c8611e47903 |
| humanhash: | delaware-chicken-moon-lion |
| File name: | WinLock.bin |
| File size: | 492'544 bytes |
| First seen: | 2022-05-25 10:15:45 UTC |
| Last seen: | Never |
| MIME type: | application/x-dosexec |
| imphash | 32a3b7658be85c7c43fe36e3e5b0f5a3 |
| ssdeep | 12288:Lp/PKhWltltmVU/BvHLts2kBrHVJ0cjdUMBsXj95RN:EhWlPtr/BvHJsLHiYBsXj9nN |
| Threatray | 7'735 similar samples on MalwareBazaar |
| TLSH | T19FA42383F743BD13C526AEF11291C7149F1048F91A9A7FBB9E1DF85ABAFE4025940352 |
| TrID | 54.9% (.EXE) UPX compressed Win32 Executable (27066/9/6); 13.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2); 9.1% (.EXE) Win32 Executable (generic) (4505/5/1); 6.0% (.MZP) WinArchiver Mountable compressed Archive (3000/1); 4.2% (.EXE) Win16/32 Executable Delphi generic (2072/23) |
| dhash icon | b24dce030fcc4db2 |
| Tags: | exe Ransomware RU ScreenLock |
Intelligence
File Origin
# of uploads: 1
# of downloads: 438
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: WinLock.exe
Verdict: Malicious activity
Analysis date: 2022-05-25 10:13:01 UTC
Tags: n/a
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection: n/a
Result
Verdict: Malware
Maliciousness:
Behaviour
Searching for the window
Creating synchronization primitives
Creating a window
Setting a keyboard event handler
Launching a process
Searching for synchronization primitives
Modifying a system executable file
Forced system process termination
Changing a file
Launching a service
Creating a file
Forced shutdown of a system process
Blocking a possibility to launch for the Windows Task Manager (taskmgr)
Blocking a possibility to launch for cmd.exe command interpreter
Blocking the User Account Control
Changing the Windows explorer settings
Enabling autorun
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: packed virus
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Generic Malware
Verdict: Malicious
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 60 / 100
Signature
Antivirus / Scanner detection for submitted sample
Creates an undocumented autostart registry key
Disables the Windows task manager (taskmgr)
Machine Learning detection for sample
Behaviour
Threat name: Win32.Virus.Induc
Status: Malicious
First seen: 2022-05-25 11:19:08 UTC
File Type: PE (Exe)
Extracted files: 138
AV detection: 19 of 26 (73.08%)
Threat level: 5/5
Verdict: malicious
Similar samples:
+ 7'725 additional samples on MalwareBazaar
Result
Malware family: n/a
Score: 10/10
Tags: evasion persistence trojan upx
Behaviour
Suspicious behavior: EnumeratesProcesses
System policy modification
Enumerates physical storage devices
Checks whether UAC is enabled
Disables Task Manager via registry modification
Sets file execution options in registry
UAC bypass
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name: Malicious File
Score: 1.00