Trojan:Win32/Ransom.BY

Forum for analysis and discussion about malware.
User avatar
Xylitol
Global Moderator
Posts: 1652
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society
Contact:

Trojan:Win32/Ransom.BY

Post by Xylitol » Mon Jan 17, 2011 12:32 am

You do not have the required permissions to view the files attached to this post.

User avatar
Xylitol
Global Moderator
Posts: 1652
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society
Contact:

Re: Trojan Winlock / Ransom / ScreenLocker

Post by Xylitol » Sun Jan 23, 2011 12:16 am

You do not have the required permissions to view the files attached to this post.

User avatar
Xylitol
Global Moderator
Posts: 1652
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society
Contact:

Re: Trojan Winlock / Ransom / ScreenLocker

Post by Xylitol » Sun Jan 30, 2011 2:06 am

You do not have the required permissions to view the files attached to this post.

User avatar
Xylitol
Global Moderator
Posts: 1652
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society
Contact:

Re: Trojan Winlock / Ransom / ScreenLocker

Post by Xylitol » Mon Jan 31, 2011 11:08 am

Image
http://www.virustotal.com/file-scan/rep ... 1296472001

location: hxxp://ya-petrovsky2012.narod2.ru/xxx_video.avi.exe
You do not have the required permissions to view the files attached to this post.

User avatar
Xylitol
Global Moderator
Posts: 1652
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society
Contact:

Re: Trojan Winlock / Ransom / ScreenLocker

Post by Xylitol » Sun Feb 06, 2011 11:44 am

new loc: hXXp://pepka-master2012.narod2.ru/xxx_video.avi.exe

Code: Select all

00406B81  |.  E8 62EAFFFF   CALL 004055E8           ; \GetWindowTextA
serial must start with "000" someone can confirm i dont really understand how work the regitration schem ?
Image

Image

Image
You do not have the required permissions to view the files attached to this post.

User avatar
Xylitol
Global Moderator
Posts: 1652
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society
Contact:

Re: Trojan Winlock / Ransom / ScreenLocker

Post by Xylitol » Sat Feb 12, 2011 2:38 pm

You do not have the required permissions to view the files attached to this post.

User avatar
Xylitol
Global Moderator
Posts: 1652
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society
Contact:

Re: Trojan Winlock / Ransom / ScreenLocker

Post by Xylitol » Thu Feb 17, 2011 1:47 pm

You do not have the required permissions to view the files attached to this post.

User avatar
Xylitol
Global Moderator
Posts: 1652
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society
Contact:

Re: Trojan Winlock / Ransom / ScreenLocker

Post by Xylitol » Thu Feb 17, 2011 10:58 pm

You do not have the required permissions to view the files attached to this post.

User avatar
Xylitol
Global Moderator
Posts: 1652
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society
Contact:

Re: Trojan Winlock / Ransom / ScreenLocker

Post by Xylitol » Sat Feb 19, 2011 8:49 am

loc: hXXp://video.blaskel.cz.cc/video/xxx_video.avi
You do not have the required permissions to view the files attached to this post.

User avatar
Xylitol
Global Moderator
Posts: 1652
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society
Contact:

Re: Trojan Winlock / Ransom / ScreenLocker

Post by Xylitol » Sun Feb 20, 2011 11:48 am

new loc: hXXp://video.bllesbo.cz.cc/video/xxx_video.avi

Image
You do not have the required permissions to view the files attached to this post.

Post Reply