Friday, 13 May 2011

Trojan.Ransom (xxxvideo.avi.exe)



This trojan blocker ( MD5: cbb9286cf634bbf2f3c386a17b03a1f8 ) prevents all software execution.
To remove the Trojan (and unlock windows), infected users need to enter a valid serial number.

According to VirusTotal this sample was detected by 2 AV: https://www.virustotal.com/file-scan/report.html?id=9bd981c46c781c98047ad4d5416d378fc5993dcee0dbd1bc1ae4b0b43f1bca70-1305263214


Number to Call: 8-988-533-94-01 ~ 89885339401
Code to unlock windows: 1062



This ransomware was also noticed here (18 Aug 2k10) ~ here (17 Dec 2k10) ~ here (27 Dec 2k10) ~ here (12 Jan 2k11) ~ here (14 Jan 2k11) ~ here (21 Jan 2k11) ~ here (23 Jan 2k11) ~ here (1 Feb 2k11) ~ here (3 Feb 2k11) ~ here (4 Feb 2k11) ~ here (4 Feb 2k11) ~ here (5 Feb 2k11) ~ here (7 Feb 2k11) ~ here (10 Feb 2k11) ~ here (12 Feb 2k11) ~ here (27 Feb 2k11) ~ here (10 Mar 2k11) ~ here (14 Mar 2k11) ~ here (14 Mar 2k11) ~ here (21 Mar 2k11) ~ here (18 Apr 2k11) ~ Unpacking xxx_video.exe (20 Apr 2k11) ~ here (13 May 2k11)

Thanks to mrbelyash for the sample.

No comments:

Post a comment