Tuesday 25 January 2011

Trojan.Ransom (HomoBlocker)



This trojan blocker (MD5: 3007798e028dc7b1f5395b31cced3e17) prevents all software execution.
To remove the Trojan (and unlock Windows), infected users need to enter a valid serial number.
This sample was detected at 10h:43m:21s GMT+1.


Code to unlock Windows: WE ROCK


HomoBlocker is a variant of pornoplayer.
HomoBlocker was already analyzed in the past: here (15 Jan 2k11) ~ here (16 Jan 2k11) ~ here (18 Jan 2k11) ~ here (20 Jan 2k11)
