DH File Locker Ransomware Builder Kit Released (Protection, Review and Removal) - How to, Technology and PC Security Forum | SensorsTechForum.com

DH File Locker Ransomware Builder Kit Released (Protection, Review and Removal)

This material is created to show you how DH File Locker Ransomware works, how to remove it, protect yourself from it and restore locked files.

A ransomware builder kit, called DH File Locker with a lots of settings, obfuscation and many features has been released on the deep web and surfaced on multiple web forums. The virus aims to provide full access to even inexperienced cyber-criminals on how to create their own version of this ransomware infection. This is a strong indication that infections by variants of DH File Locker will begin to surface online. We have decided to download the ransomware builder and run it to test it’s capabilities and show what aspects of this virus should you beware of and how to protect yourself from it.

Threat Summary


DH File Locker

TypeRansomware Builder / Ransomware Family
Short DescriptionThe malware locks victims files adding a custom unlock password. Has avoiding and anti techniques.
SymptomsCustom file extension and ransom note are added, depending on what the cyber-criminal configures it to do.
Distribution MethodVia an Exploit kit, Dll file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Detection Tool See If Your System Has Been Affected by DH File Locker


Malware Removal Tool

User ExperienceJoin our forum to Discuss DH File Locker.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

DH File Locker – Technical Insight

The aim of the DH File Locker ransomware is to lock potential victims out of their files and to perform this, the virus also has an extra within it. It generates random passwords for each file that is blocked by it to make decoding of the files significantly more difficult.

When the ransomware builder kit is download, it is contained in a .RAR archive in which are the virus’s program files:

The main interface of this ransomware is well-designed and has very easy access to all features of this virus, making it user-friendly for any cyber-crook wannabe.

The virus comes with a per-embedded message which can be changed for the victim to see. This message is also known as a ransom note and it may contain different ransom instructions for the victim to see, like a payment “request” for different BitCoin amount to an anonymous BTC wallet.

As visible from the screenshot below, the configuration also includes a folder in which the infected files are hidden and a unique unlock password which is the only one that can unlock your files. In addition to this, DH File Locker can also be configured to run on system startup and hide the locked files as well.

Another interesting function of this ransomware builder is called UAC Tricky which aims to perform different evasion techniques of the User Account Control:

The functions of it can be either switched on or switched off in terms of how it responds when the UAC is off.

Another DH File Locker “function” is to allow it’s creator to choose where the malicious files of the virus will be extracted:

The virus also has a feature, known as FilePumper, aslo associated with the encryption procedure of the files. Furthemore, DH File Locker has multiple other functions, like Extension Spoofer or a function that allows for a custom file extension to be added to the locked files and in addition to it, the virus can also change their icon with a custom one, to further scare the victim.

But this is not all when it comes to DH File Locker. The malware also comes packed with a kit that allows it to run obfuscation against different programs that may allow it’s research. The programs it can fool are:

  • Virtual PC software.
  • Virtual Box drives.
  • Wireshark.
  • Debug.
  • Anubis.
  • Kaspersky.
  • VMWare.
  • OllyDbg.

In addition to this extra, DH File Locker can also directly disable different Windows services too. The services it can shut down by force are:

  • UAC (User Account Control).
  • Regedit.
  • Windows Firewall.
  • Windows Command Prompt.
  • Windows Run Window.
  • Windows Task Manager.
  • System Configuration service.
  • Windows Registry Editor.
  • Windows Update Service.

DH File Locker – Conclusion and How To Protect Yourself

Since this virus is still out in the wild and may be re-modified and reused in many different versions, we advise you to take multiple measures in order to protect yourself from it. Here are some of the advices which we would definitely recommend you follow.

Download anti-malware software which will decrease infection possibility.
Learn how to protect yourself from malicious e-mail attachments and web links, by watching the following video.
Learn how to safely store your files by visiting our educational material with different methods to backup in a safe manner.

What If My PC Has Already Been Infected?

In case you were infected by the DH File Locker ransomware, the first thing you should do is to focus on backing up the encrypted files. Then we advise you to follow our removal instructions below. They are carefully designed to help you remove DH File Locker’s malicious files from your computer. In case you do not have the experience in malware removal, experts always recommend using an advanced anti-malware program that will take care of this virus automatically.

If your files have already be locked by DH File Locker, do not despair, because we have suggested several alternative methods below that can help you recover a big chunk of the files if you are in luck, until malware researchers come up with a decryptor.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share