Win32/LockScreen [Threat Name] go to Threat

Win32/LockScreen.BMA [Threat Variant Name]

Category trojan
Size 15872 B
Detection created May 11, 2015
Detection database version 11608
Aliases Trojan-Ransom.Win32.Agent.ifs (Kaspersky)
  ScreenLocker_s.BDG (AVG)
Short description

Win32/LockScreen.BMA is a trojan that blocks access to the Windows operating system.

Installation

The trojan does not create any copies of itself.

Information stealing

The trojan collects the following information:

  • operating system version
  • volume serial number
  • hardware information

The trojan attempts to send gathered information to a remote machine.

Other information

Win32/LockScreen.BMA is a trojan that blocks access to the Windows operating system.


The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a list of (6) URLs. The HTTP protocol is used.


The trojan tries to download several files from the Internet.


The files are stored in the following locations:

  • %commondocuments%\­Report\­index.html
  • %commondocuments%\­Report\­pic.png

The trojan runs the following process:

  • %windir%\­explorer.exe

The trojan blocks keyboard and mouse input.


The trojan disables CD-ROM drive openning.


The trojan hides windows of running processes which contain any of the following strings in their title:

  • Internet Explorer

The trojan terminates any program that creates a window containing any of the following strings in its name:

  • Program Manager

Please enable Javascript to ensure correct displaying of this content and refresh this page.