This trojan blocker ( MD5: e639578e48ea1e3f6a1f07d512a8dd04 ) prevents all software execution.
To remove the Trojan (and unlock windows), infected users need to enter a valid serial number.
According to VirusTotal this sample was detected by 3 AV: http://www.virustotal.com/file-scan/report.html?id=2665fb6c122d8e50f5dd58098fc564be1a0b599906ad3b2f4f999657089901f8-1305220448
Number to Call: 8-965-388-99-85 ~ 89653889985
Code to unlock windows: 70000004
This ransomware was also noticed here (18 Aug 2k10) ~ here (17 Dec 2k10) ~ here (27 Dec 2k10) ~ here (12 Jan 2k11) ~ here (14 Jan 2k11) ~ here (21 Jan 2k11) ~ here (23 Jan 2k11) ~ here (1 Feb 2k11) ~ here (3 Feb 2k11) ~ here (4 Feb 2k11) ~ here (4 Feb 2k11) ~ here (5 Feb 2k11) ~ here (7 Feb 2k11) ~ here (10 Feb 2k11) ~ here (12 Feb 2k11) ~ here (27 Feb 2k11) ~ here (10 Mar 2k11) ~ here (14 Mar 2k11) ~ here (14 Mar 2k11) ~ here (21 Mar 2k11) ~ here (18 Apr 2k11) ~ Unpacking xxx_video.exe (20 Apr 2k11) ~ here (13 May 2k11) ~ here (13 May 2k11)
Thanks to mrbelyash for the sample.
No comments:
Post a Comment