Friday, 13 May 2011

Trojan.Ransom (xxxvideo.avi.exe)



This trojan blocker (MD5: 1d13123c3f8a0591dfd571c346ba4a57 ~ 68d25ac34cffc2ed68ef6e7df2c66100) prevents all software execution.
To remove the trojan (and unlock Windows), infected users need to enter a valid serial number.

According to VirusTotal, this sample was detected by 3 AV engines: https://www.virustotal.com/file-scan/report.html?id=d8b118751a878d3221a7ad8b64e2d6cd5b610766c19ba2de3ef41db9e2aece18-1305234906
The latest sample was detected by just 1 AV engine: https://www.virustotal.com/file-scan/report.html?id=f2af0a67065c6bf1aec39078402660d650fb74831af9f7c698be88189594569d-1305458291


Number to Call: 8-918-529-36-53 ~ 89185293653
Number to Call: 8-918-530-35-49 ~ 89185303549
Code to unlock Windows: 111999


This ransomware was also noticed here (18 Aug 2k10) ~ here (17 Dec 2k10) ~ here (27 Dec 2k10) ~ here (12 Jan 2k11) ~ here (14 Jan 2k11) ~ here (21 Jan 2k11) ~ here (23 Jan 2k11) ~ here (1 Feb 2k11) ~ here (3 Feb 2k11) ~ here (4 Feb 2k11) ~ here (4 Feb 2k11) ~ here (5 Feb 2k11) ~ here (7 Feb 2k11) ~ here (10 Feb 2k11) ~ here (12 Feb 2k11) ~ here (27 Feb 2k11) ~ here (10 Mar 2k11) ~ here (14 Mar 2k11) ~ here (14 Mar 2k11) ~ here (21 Mar 2k11) ~ here (18 Apr 2k11) ~ Unpacking xxx_video.exe (20 Apr 2k11)

Thanks to mrbelyash for the sample.
