German Ransom (GEMA, GVU, InetAccelerator)

Forum for analysis and discussion about malware.
EP_X0FF
Global Moderator
Posts: 4872
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Re: Trojan Ransom / FakePoliceAlert

Post by EP_X0FF » Mon Dec 10, 2012 11:49 am

dumb110 wrote:German ransomware!
Decrypted in attach.
Ring0 - the source of inspiration

Quads
Posts: 148
Joined: Thu May 06, 2010 10:19 pm
Location: New Zealand

Re: German Ransom (GEMA, GVU, InetAccelerator)

Post by Quads » Tue Apr 16, 2013 10:53 pm

There is a German Ransomware around that uses what looks like Child Sex images.

Quads

Xylitol
Global Moderator
Posts: 1671
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Re: German Ransom (GEMA, GVU, InetAccelerator)

Post by Xylitol » Wed Apr 17, 2013 1:51 am

German ransomware threatens with sick kiddie smut: http://www.theregister.co.uk/2013/04/05 ... ansomware/

evild3ad
Posts: 7
Joined: Tue Nov 15, 2011 4:39 pm
Location: Germany

Re: German Ransom (GEMA, GVU, InetAccelerator)

Post by evild3ad » Sat May 04, 2013 6:33 am

Here's the newest version of Revoyem...first seen on May 01. It seems that only the German landing page works...the criminals also use Ramnit in the UK. This ransomware threatens with 4 pix of child pornography!

http://www.evild3ad.com/2391/bka-trojan ... blockiert/

Last edited by evild3ad on Sat May 04, 2013 7:56 am, edited 1 time in total.

dumb110
Posts: 111
Joined: Tue Jun 05, 2012 1:29 pm

Re: German Ransom (GEMA, GVU, InetAccelerator)

Post by dumb110 » Sat May 04, 2013 7:32 am

Revoyem.exe (MD5: 06f041771579b59fc684d2f856040d18)

Would anyone mind attaching the sample?

frame4-mdpro
Posts: 40
Joined: Wed Jul 13, 2011 1:53 am

Re: German Ransom (GEMA, GVU, InetAccelerator)

Post by frame4-mdpro » Sat May 04, 2013 8:18 am

dumb110 wrote: Revoyem.exe (MD5: 06f041771579b59fc684d2f856040d18)
Would anyone mind attaching the sample?

Will this do?

markusg
Posts: 734
Joined: Mon Mar 15, 2010 2:53 pm

Re: German Ransom (GEMA, GVU, InetAccelerator)

Post by markusg » Sat May 11, 2013 6:49 pm

SHA256: 361f20ceea4a6f0db5e5321d7ac71d6442163e2282ffee89c4bdb203b0dfc7d7
File name: SQLSE20.DLL
Detection rate: 2 / 46
https://www.virustotal.com/de/file/361f ... /analysis/
