SonicALERT

Sonicwall Signatures

 



LockBit.RSM_6_1
LockBit.RSM_6_1 is a virus. A virus is a type of malware that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive.

Mutexes created
  • \BaseNamedObjects\{C3128F95-C312-A7FE-D1C9-3BE2E25C3BA3}


Directory level activity
    • Nothing to report


File level activity
    • write - file - C:\agent.pyw
    • write - file - C:\Restore-My-Files.txt
    • write - file - C:\documents and settings\default user\cookies\index.dat
    • write - file - C:\documents and settings\default user\cookies\Restore-My-Files.txt
    • write - file - C:\documents and settings\default user\local settings\history\history.ie5\index.dat


Registry level activity
    • write - registry - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run{D26B2595-1212-A79E-D1C9-D1E22F5CBDA3}
    • write - registry - HKEY_CURRENT_USER\SOFTWARE\B76B8F9512FEC9Private
    • write - registry - HKEY_CURRENT_USER\SOFTWARE\B76B8F9512FEC9Public


Library level activity
    • load - library - gdiplus.dll
    • load - library - ws2_32.dll
    • load - library - shell32.dll
    • load - library - advapi32.dll
    • load - library - user32.dll
    • load - library - ole32.dll
    • load - library - netapi32.dll
    • load - library - gpedit.dll
    • load - library - oleaut32.dll
    • load - library - shlwapi.dll
    • load - library - msvcrt.dll
    • load - library - activeds.dll
    • load - library - mpr.dll
    • load - library - bcrypt.dll
    • load - library - crypt32.dll
    • load - library - iphlpapi.dll
    • load - library - wtsapi32.dll
    • load - library - win32u.dll
    • load - library - Comdlg32.dll
    • load - library - cryptbase.dll
    • load - library - combase.dll
    • load - library - Winspool.drv
    • load - library - NTMARTA.DLL
    • load - library - comctl32.dll
    • load - library - kernel32.dll
    • load - library - gdi32.dll
    • load - library - C:\WINDOWS\system32\rpcss.dll
    • load - library - UxTheme.dll
    • load - library - rsaenh.dll


Process API calls used
    • NtFreeVirtualMemory
    • NtCreateSection
    • ZwMapViewOfSection


Registry API calls used
    • RegOpenKeyExA
    • RegQueryValueExW
    • RegCloseKey
    • RegOpenKeyExW
    • RegCreateKeyExA
    • RegSetValueExW
    • RegQueryValueExA
    • NtOpenKey
    • NtQueryValueKey
    • RegCreateKeyExW
    • RegSetValueExA


System API calls used
    • LdrLoadDll
    • LdrGetProcedureAddress
    • NtDelayExecution
    • LdrGetDllHandle


Filesystem API calls used
    • NtOpenFile
    • NtCreateFile
    • NtQueryInformationFile
    • NtOpenDirectoryObject
    • NtReadFile
    • NtSetInformationFile
    • FindFirstFileExW
    • NtWriteFile
    • NtQueryDirectoryFile

Network

UDP source >> destination
    • Nothing to report

TCP source >> destination
    • Nothing to report


Domains:
    • NA

DNS Request:
    • NA

HTTP Request:
    • NA

DLL related data
Number of DLLs imported = 5
        • SHLWAPI.dll
        • ACTIVEDS.dll
        • KERNEL32.dll
        • ADVAPI32.dll
        • ole32.dll


Relevant Information