A forum for reverse engineering, OS internals and malware analysis
Not everyone here has access to download on VT, would you please attach the sample to your post?
Meet Ransom32: The first JavaScript ransomware: http://blog.emsisoft.com/2016/01/01/mee ... ansomware/
The Ransom32 Affiliate System: http://www.bleepingcomputer.com/news/se ... avascript/
Attachments
pw: infected
(5 MiB) Downloaded 120 times
(5 MiB) Downloaded 120 times
part 2
(5 MiB) Downloaded 101 times
(5 MiB) Downloaded 101 times
part 3
(5 MiB) Downloaded 106 times
(5 MiB) Downloaded 106 times
part 4
(5 MiB) Downloaded 98 times
(5 MiB) Downloaded 98 times
part 5
(2.31 MiB) Downloaded 101 times
(2.31 MiB) Downloaded 101 times
Initial file [MD5: 5812a494c9c7c151afe93f70c6f96daf] is an archive with the following files:
{"affid":"1EnWWsdyrMiXPTU87bWtvW6zPL6ZczD61v","minshatoshis":10000000,"msg":{"msgboxtype":"16","msgboxmessage":"ERROR: main_gui_render.cc(237) Running without Renderer"},"lowcpu":true,"showBlock":true}
Code: Select all
g:Path = 5812a494c9c7c151afe93f70c6f96daf
Type = Rar
Solid = -
Blocks = 64
Multivolume = -
Volumes = 1
Date Time Attr Size Compressed Name
------------------- ----- ------------ ------------ ------------------------
2015-07-29 07:42:10 ....A 7482865 1636804 nw.pak
2015-12-01 16:16:04 ....A 57344 20084 s.exe
2015-12-01 14:04:58 ....A 466 263 u.vbs
2015-02-03 01:42:06 ....A 15 15 locales/am.pak
2015-02-03 01:42:06 ....A 15 15 locales/ar.pak
2015-02-03 01:42:06 ....A 15 15 locales/bg.pak
2015-02-03 01:42:06 ....A 15 15 locales/bn.pak
2015-02-03 01:42:06 ....A 15 15 locales/ca.pak
... Skipped, all MD5: 7c321056f805aabd5a503821fa1994cd
2015-02-03 01:42:06 ....A 15 15 locales/vi.pak
2015-02-03 01:42:06 ....A 15 15 locales/zh-CN.pak
2015-02-03 01:42:06 ....A 15 15 locales/zh-TW.pak
2015-11-27 18:09:22 ....A 32028 10858 chrome <- EULA GNU General Public License
2015-07-29 07:42:04 ....A 961536 377912 ffmpegsumo.dll
2015-07-29 07:42:06 ....A 10457856 3558129 icudtl.dat
2015-11-19 13:44:32 ....A 117 98 msgbox.vbs
2015-11-27 00:18:50 D.... 0 0 locales
2015-12-18 22:36:20 ....A 4378638 1303095 rundll32.exe
2015-12-19 20:37:08 ....A 47393225 16282591 chrome.exe
2015-12-31 23:53:44 ..... 201 179 g <- Shown below
------------------- ----- ------------ ------------ ------------------------
70765071 23190808 63 files, 1 folders
{"affid":"1EnWWsdyrMiXPTU87bWtvW6zPL6ZczD61v","minshatoshis":10000000,"msg":{"msgboxtype":"16","msgboxmessage":"ERROR: main_gui_render.cc(237) Running without Renderer"},"lowcpu":true,"showBlock":true}
Anyone have the onion link to the portal to create new samples?
>> ransom32vgzgvkrz.onion