Win32/Urausy (aka "WinLocker")

Forum for analysis and discussion about malware.
Win32:Virut
Posts: 324
Joined: Sat Jun 02, 2012 2:22 pm

Re: Win32/Urausy (aka "WinLocker")

Post by Win32:Virut » Thu Jul 18, 2013 1:13 pm

175 files

Post by Win32:Virut » Fri Jul 26, 2013 11:38 am

FUD

SHA256: 5058a0a92db56c4fed278a916bac86dc2da6157c831be29e50ecaca559cc6b17
SHA1: 6cf8aa35312abbe80dd1045c4eda8d1f5f045e31
MD5: 8edb22f4b7ef42b4ef4a319a81343743
File size: 104.0 KB ( 106496 bytes )
File name: 68.exe
Detection ratio: 0 / 46
https://www.virustotal.com/en/file/5058 ... /analysis/

SHA256: 6d0b49e40d2742b4697a428f8b042eba564fe9f535cca3aa00ab37b87ee20655
SHA1: 3a2c0c0e44a1a840d02294b3db2f374586c77368
MD5: 7e58997921ca3a43d9ac4324dd3dbb7c
File size: 104.0 KB ( 106496 bytes )
File name: 58.exe
Detection ratio: 0 / 46
https://www.virustotal.com/en/file/6d0b ... /analysis/

SHA256: 6c87fdfd6e83c2a9ec8541e8a24a606d1397d7ccf2470c4581038b50925363ee
SHA1: 5388b254bbc17a4a87d5f5e59d1aa521c4b68f2e
MD5: 316aec764f80749998b23d99262dd34d
File size: 104.0 KB ( 106496 bytes )
File name: 26.exe
Detection ratio: 0 / 46
https://www.virustotal.com/en/file/6c87 ... /analysis/

Post by Win32:Virut » Fri Jul 26, 2013 12:50 pm


Post by Win32:Virut » Sat Jul 27, 2013 3:53 pm

163 files.

Post by Win32:Virut » Sat Aug 03, 2013 7:36 pm

Detected only by Kaspersky and Symantec.

SHA256: 78d2f25dc0bb2bae849f5891173fbf1855245b1d57dd09d0219a2fe35cd0af3a
SHA1: 9d76a2a1fd14f08efd086a129c358d1c9af0a796
MD5: 517e0eb96ab03b3e6752e720cb4b1606
File size: 95.5 KB ( 97792 bytes )
File name: movie1080p.mkv.exe
Detection ratio: 2 / 46
Analysis date: 2013-08-03 19:34:42 UTC ( 0 minutes ago )
https://www.virustotal.com/en/file/78d2 ... 375558482/

Evilcry
Posts: 135
Joined: Tue Apr 20, 2010 6:10 pm

Post by Evilcry » Sat Aug 17, 2013 3:10 pm

SHA256: cd3620edf22450be66127d647ecebad06de972a2a542c2780212f46480cc8139
SHA1: edf7b757c4ca2c7f63fba6beece763c345f03ca5
MD5: efc786adda00b8117a178527f88c3d44
File size: 86.5 KB ( 88576 bytes )
File name: movie1080p.mkv.exe
File type: Win32 EXE
Detection ratio: 3 / 46
Analysis date: 2013-08-17 13:37:06 UTC

https://www.virustotal.com/en/file/cd36 ... 376746626/

N3mes1s
Posts: 42
Joined: Wed Mar 09, 2011 5:17 pm

Post by N3mes1s » Mon Aug 19, 2013 7:47 am

SHA256: 18babdfb7f6be5d0bcc7da82b2ae84f19543236fba3befa1ea5daeb74286f379
SHA1: 0b3df817f730659d8bbfdf1b6cb965196e68d0ca
MD5: 0d70263ce9f1f9786974b16a75aaadb9
File size: 115.0 KB ( 117760 bytes )
File name: movie1080p.mkv.exe
File type: Win32 EXE
Detection ratio: 2 / 46
Analysis date: 2013-08-19 07:39:54 UTC

https://www.virustotal.com/en/file/18ba ... 376897994/

http://urlquery.net/search.php?q=movie1 ... -19&max=50

Squirl
Posts: 15
Joined: Sun Apr 03, 2011 11:48 pm

Post by Squirl » Mon Aug 19, 2013 2:45 pm

Hundreds of these URLs hosted on 103.31.186.29:

http://urlquery.net/search.php?q=.avi.e ... 19&max=400

Post by Evilcry » Thu Aug 22, 2013 7:07 am

SHA256: 49d5aedce06aace5541dfc295fdac86366e5375764040129ac0e831a674f0774
SHA1: 2bcb770dc1089eb42cba5a21ffcba0fd2c7eec2b
MD5: 12b1cd37647ff7a02d372b8af62854b6
File size: 104.5 KB ( 107008 bytes )
File name: movie1080p.mkv.exe
File type: Win32 EXE
Detection ratio: 3 / 46

https://www.virustotal.com/en/file/49d5 ... 377154757/

Cody Johnston
Posts: 157
Joined: Sun May 01, 2011 4:33 pm
Location: Los Angeles, CA

Mandiant USA Ransomware

Post by Cody Johnston » Thu Aug 29, 2013 6:49 pm

Grabbed this sample today:

Archive includes images from Windows\Temp folder for UI as well as packed samples:

SHA256: 11ff81066796f5d6a2988dffd683e6ab76b84049a2cbe284b053a8f120012762
SHA1: df52d50dc9cccbf7679a2bdfe18596f92523c1d0
MD5: 4ad230aa5eea88ed96c885353336392c
File size: 96.0 KB ( 98304 bytes )
File name: 136828.exe
File type: Win32 EXE
Detection ratio: 5 / 46