Ransomware question

Ask your beginner questions here.

Post by creati0n » Mon May 02, 2016 9:51 pm

Hi,
I am trying to analyze TeslaCrypt and I'm a bit of a noob. I have IDA, OllyDbg, pestudio, and a couple of other tools I've tested out, but none have yielded answers to fundamental questions I have about the malware.

My main question is: TeslaCrypt adds itself to startup, so that means there must be some check it does to see if it's already encrypted the system, right? Maybe it checks if there is already a file that is encrypted, or if there is some information already stored in the registry... Whatever it is, TeslaCrypt does not re-encrypt your already encrypted files after a system reboot, and I'm wondering how it does this, and how I can find this out on my own in the future.

Thanks.
