
Re: Trojan Winlock / Ransom / ScreenLocker

Posted: Mon Nov 21, 2011 8:03 pm
by markusg
svhcost.exe
MD5 : cb08c55ea8a34f0750a7e3a47d6faa63
https://www.virustotal.com/file-scan/re ... 1321905022

Re: Trojan Winlock / Ransom / ScreenLocker

Posted: Tue Nov 22, 2011 7:38 pm
by GMax
markusg wrote: svhcost.exe
MD5 : cb08c55ea8a34f0750a7e3a47d6faa63
https://www.virustotal.com/file-scan/re ... 1321905022

[two images]

Re: Trojan Winlock / Ransom / ScreenLocker

Posted: Tue Nov 22, 2011 11:21 pm
by Striker
GMax wrote: [two images]

I've used a real Paysafecard (0,00€ credit), so it works. The serials will be locked after activating; unfortunately you cannot use them again.

[two images]

or try it yourself..


0971570170772327
0445332279725611

German Ransom (GEMA, GVU, InetAccelerator)

Posted: Sun Nov 27, 2011 7:32 pm
by markusg
sx5u7frt55.exe
MD5   : f76e3c6d194cf1f4002c417e020e7c0b
https://www.virustotal.com/file-scan/re ... 1322421186
GEMA ransomware

Re: Trojan Winlock / Ransom / ScreenLocker

Posted: Mon Nov 28, 2011 6:32 am
by EP_X0FF
markusg wrote: sx5u7frt55.exe
MD5   : f76e3c6d194cf1f4002c417e020e7c0b
https://www.virustotal.com/file-scan/re ... 1322421186
GEMA ransomware

Attached is the fully decrypted and unpacked sample. The crap is written in Delphi 7, using a special TdWinlock component that provides blocking features such as:

noCtrlAltDel - FALSE
noAltTab - TRUE
noAltEsc - TRUE
noAltF4 - TRUE
noCtrlEsc - TRUE
noWinkeys - TRUE
noAppkey - TRUE
noRButton - TRUE
noTaskbar - TRUE
noTaskLinks - TRUE
noTaskTray - TRUE
noAltReturn - TRUE
noAccessibilityShortcuts - TRUE
noShutdown - TRUE
noDesktop - TRUE
noStartbutton - TRUE
noStartMenu - TRUE
Version - 3.2

Re: Trojan Winlock / Ransom / ScreenLocker

Posted: Mon Nov 28, 2011 7:26 pm
by markusg
svhcost.exe
MD5   : 316a119d9c4ba46a1ffdd01bc8de2a4a
https://www.virustotal.com/file-scan/re ... 1322507937

Re: Trojan Winlock / Ransom / ScreenLocker

Posted: Tue Nov 29, 2011 3:12 am
by EP_X0FF
markusg wrote: svhcost.exe
MD5   : 316a119d9c4ba46a1ffdd01bc8de2a4a
https://www.virustotal.com/file-scan/re ... 1322507937

Equal to this

Decrypted working sample attached. Posts moved.

Re: Trojan Ransom / FakePoliceAlert

Posted: Tue Nov 29, 2011 8:24 pm
by markusg
ed6t57it5.exe
MD5 : dad53b8e2127125f4850348a9e58182f
https://www.virustotal.com/file-scan/re ... 1322597835

Re: Trojan Ransom / FakePoliceAlert

Posted: Wed Nov 30, 2011 11:20 am
by EP_X0FF
markusg wrote: ed6t57it5.exe
MD5 : dad53b8e2127125f4850348a9e58182f
https://www.virustotal.com/file-scan/re ... 1322597835

Ransom GEMA

Decrypted sample in attachment.

Re: Trojan Ransom / FakePoliceAlert

Posted: Fri Dec 02, 2011 10:51 am
by markusg
0.837970031559333.exe
MD5   : 4c11c67ff7f05a9a77200d4659c6ef4f
http://www.virustotal.com/file-scan/rep ... 1322822552