A forum for reverse engineering, OS internals and malware analysis 

 #17914  by kmd
 Mon Jan 28, 2013 3:02 pm
I patched calls at entry but it still quits.
Something else, maybe?
 #17915  by EP_X0FF
 Mon Jan 28, 2013 3:18 pm
If this is still not working for you then you are doing it wrong.

Attached with VPC check patched. I didn't touch the VMware VMX backdoor/Sandboxie parts.
Attachments
pass: malware
 #20204  by Cody Johnston
 Thu Jul 25, 2013 8:26 am
Hi,

I'm not sure what this ransomware is called, but I pulled 2 samples tonight from infected PCs:

Sample 1:

fvJcrgR.exe
MD5: b05e521f9373149bac2df6c448601707
https://www.virustotal.com/en/file/ff53 ... 374737530/

Sample 2:

Q6dQAjy.exe
MD5: 124afa392b95e1c4dc62a77562af50e6
https://www.virustotal.com/en/file/8340 ... /analysis/

Both samples connect to the same IP and also here:

Connects to: 69.64.52.188
hxxp://69.64.43.102/a35b57956cfa47e0a299bbd06b3b4c2e - this file gets downloaded, not sure what it is

I've no screenshot since it has anti-VM and I need sleep, so no time to play :D
Attachments
Password: infected
 #20212  by EP_X0FF
 Fri Jul 26, 2013 2:19 am
It is a variant of Cberplay. In the attachment are 2 versions - 1 without crypter and 2 with decrypted strings (dumped when executed). Posts moved.
Attachments
pass: infected