[Meriadoc]

UK

[GMax]

opera.exe
MD5   : fd759a0ecb581368316267c1a2a729b2
https://www.virustotal.com/file-scan/report.html?id=1a0c63bcdfe42ca0213960f44a2c727733fc0e14289a3513d671e3acbbd6ae11-1324642406

C&C:
tuiywif.info
gbuoieu.info
igymgcv.info
bamnzov.info
hwfdfev.info
hcdgydm.info
pawqcfk.info

[rkhunter]

MS - Trojan:Win32/Ransom.EJ
Kaspersky - Trojan.Win32.VBKrypt.isdv

MD5: e98b6209cb5d723f955a9c10e42b7aa3

8/43 >> 18.6%

[rkhunter]

15/43 >>34.9%

MD5: d5dc9a351677d0d3ecfa782285a16fd5

[Xylitol]

Gobierno espana: 2/41 >> 4.9%
http://www.virustotal.com/file-scan/rep ... 1326225177


Bundespolizei: 2/41 >> 4.9%
http://www.virustotal.com/file-scan/rep ... 1326234678

[markusg]

SHA256:
e193ac006ac4682a01bea11f7084469594e05cba917861196dd92af4a3e7bc5c 
File name:
panel.exe 
https://www.virustotal.com/file/e193ac0 ... 328184849/

[r2nwcnydc]

Looks like a screen locker.

Connects to the following sites:
lb1.www.ms.akadns.net -> Sends a custom ping packet over TCP
miklorsoft.in
mekrosoft.in -> Downloads two images (1.bmp/2.bmp)

Interesting strings:
C:\Documents and Settings\user\Desktop\bloker\Release\spambot.pdb
zip/gate.php
minkosoft.in
milkosoft.in
micolosoft.in
microlsoft.in
miklorsoft.in
/%s?user=%s&uid=%s&os=%i&pin=%s
/%s?user=%s&uid=%s&os=%i
http ://mekrosoft.in/1.bmp
http ://mekrosoft.in/2.bmp

screenlocker.jpg (84.38 KiB) Viewed 501 times

[markusg]

yer, sorry, i was not sure about this one, perhaps some mod can merge the topic with ransom topic.

[rkhunter]

Yes, this is ransomware.

[markusg]

MD5   : bf54f7c7ea2454afd34ec74d01a44a42
http://www.virustotal.com/file-scan/rep ... 1324320096

MD5   : 280f8ac9fe01e70cdfbcbcb761f314c0
http://www.virustotal.com/file-scan/rep ... 1324232884

MD5   : f06c8edf6feb5e531a65a21eb09df592
https://www.virustotal.com/file-scan/re ... 1324141407

MD5 : 094b2f75aecaa72055fc6637caaddd18
http://www.virustotal.com/file-scan/rep ... 1324226373

MD5   : 9c66eeeb167e8b9b59433556faebd61f
https://www.virustotal.com/file-scan/re ... 1324135270

MD5   : 964ea81e821aea3ca7048bed4c64c2e1
https://www.virustotal.com/file-scan/re ... 1324135593

MD5   : f06d4a7c128b66dae61f9f50347d032a
https://www.virustotal.com/file-scan/re ... 1324136000

MD5   : db9294e6d6dd50f735096816390e2236
https://www.virustotal.com/file-scan/re ... 1324117840

MD5   : fd759a0ecb581368316267c1a2a729b2
https://www.virustotal.com/file-scan/re ... 1324642406

MD5 : 280c3da5ea65c959067f8ab553037370
https://www.virustotal.com/file-scan/re ... 1324584652

MD5 : 48c37b5fb17ae8ae9d135b979bd1f09a
https://www.virustotal.com/file/750857f ... 326818839/

MD5   : 2022f68e8324525801b007210fad7971
https://www.virustotal.com/file-scan/re ... 1324324952

MD5   : 2a5c5bd9559cbb7d46f71a885954b7d8
https://www.virustotal.com/file-scan/re ... 1324325586

MD5   : 0ce781ed44dab357d613e8a1cbe08adf
https://www.virustotal.com/file-scan/re ... 1324382041

MD5   : 6aceeb468cb5a73e77d9181f538c153e
https://www.virustotal.com/file-scan/re ... 1324393049

MD5   : b12d16c0d939ff4ef909e1ccedae02fb
http://www.virustotal.com/file-scan/rep ... 1324470120

MD5   : 7661af05900b43de972b08d0ac4c8b05
https://www.virustotal.com/file-scan/re ... 1324470540

MD5   : 280c3da5ea65c959067f8ab553037370
https://www.virustotal.com/file-scan/re ... 1324661698

MD5   : 53a08dc75e0f574795e313b310ffff77
https://www.virustotal.com/file-scan/re ... 1324664203

MD5   : 53a08dc75e0f574795e313b310ffff77
https://www.virustotal.com/file-scan/re ... 1324664203

MD5   : fe3aaeedb01eca704d723ee61576e1ee
https://www.virustotal.com/file-scan/re ... 1324664518

MD5   : c462a747733137f2f01427f1936f02e0
https://www.virustotal.com/file-scan/re ... 1324664982

MD5   : 4fd38e149ad2339a1067ff0cb35618d3
https://www.virustotal.com/file-scan/re ... 1324833659

MD5   : d175011ba1caaf7ee633c4609739db5d
https://www.virustotal.com/file-scan/re ... 1325005450

MD5   : 8655ab0d878a45e04e879b3e207d062c
https://www.virustotal.com/file-scan/re ... 1325005702

MD5   : 7d1bcc2a2ec3cd6bab4d53e704c2b994
https://www.virustotal.com/file-scan/re ... 1325005830

MD5   : a179bd9f512536fef11a8538ccb2e68f
https://www.virustotal.com/file-scan/re ... 1325006090

MD5   : e276fb389af00d589fde5d67d880af07
https://www.virustotal.com/file-scan/re ... 1325012261

MD5   : 234c2536502c73380bddb9c41433f5a4
https://www.virustotal.com/file-scan/re ... 1325012751

MD5   : 8fbd78ee09d1467920b47fad3702d65a
https://www.virustotal.com/file-scan/re ... 1325079026

MD5   : af490329f5ad58ee8209ed67e1a4e774
http://www.virustotal.com/file-scan/rep ... 1325864284

MD5   : 799259adea7a5b664de93085a1bee22a
https://www.virustotal.com/file-scan/re ... 1326135074

MD5 : 48e38c1d8bd97f13bc0acfae45880ed3
https://www.virustotal.com/file-scan/re ... 1326220030

MD5   : d6d66045c58db10ed0a7c8e9e430a590
https://www.virustotal.com/file-scan/re ... 1326226926

MD5   : 80bb4d6662adb54055850b2e8250d428
https://www.virustotal.com/file-scan/re ... 1326302701

66a022ca9613a9b2f0fb22d693064e97 at UTC - VirusTotal
https://www.virustotal.com/file/2c3d29d ... 326801872/

32df0d3ad50ae361d71218e3a2f054fe
https://www.virustotal.com/file/0063378 ... 326904947/

c615ed95f89e68a745826a22eb650a4f
https://www.virustotal.com/file/3386293 ... 326918246/

239d03155218af845499bb987212b28a
https://www.virustotal.com/file/27116fa ... 327351499/

32e2414a344423052e56dd1c644934a6
https://www.virustotal.com/file/0033705 ... 327077395/

5f0b18f7e477b7b6b233f56fd9edddc2
https://www.virustotal.com/file/46f8eb5 ... 327090311/

369ce141d3d15186650367b74ec397b4
https://www.virustotal.com/file/584ea11 ... 327091847/

eee591f8dd317bb7e2f8a1fbf971601b
https://www.virustotal.com/file/c24b956 ... 327260152/

a68aab742e12dad8e6f04497efa0eaa7
https://www.virustotal.com/file/fc5fc09 ... 327263661/

5461e085f2bfd7072fec3e49db8a07fa
https://www.virustotal.com/file/bc2de94 ... 327340126/

SHA256:
c0c123b2a1552fd0472996caeec477bc5c86a67bb90972b1990999bbaf53fac7
https://www.virustotal.com/file/c0c123b ... 327507155/

SHA256:
42154e64af9234e1579c2b0a7381d49a23b952aba7bc77d23e4508cdf46968ac
https://www.virustotal.com/file/42154e6 ... 327435106/

SHA256:
51b359b002a7d5a49ab9524e8ad6d9dd7d34feb686eeac59a796cb490bb563fd

SHA256:
0ee033a956071fcf5035fd719309f85bcefec1f9c23e26af7c9484f20f3a183f
https://www.virustotal.com/file/0ee033a ... 327407732/

0.3995553549943903.exe 
https://www.virustotal.com/file/064a23f ... 328554597/

SHA256:
9d22847b2f1542810e17fe68feccc0a2fb0be0c12825e36c6f8e1304cc548cc1
https://www.virustotal.com/file/9d22847 ... 327580149/

SHA256:
8a501e776fc2197c01dc799710ecb092bec8f7de7213e710d05957763015c6f1
https://www.virustotal.com/file/8a501e7 ... 327593069/

SHA256:
4d6a89df0b29ae02a27c1033ba375e1e394a5d36e39f93d77287ff09d3ab417e 
https://www.virustotal.com/file/4d6a89d ... 327767326/

SHA256:
ca0d0f496498e5bb217769c7305cfb849637401d69fef7ad4e0aa8bb52d9424a 
https://www.virustotal.com/file/ca0d0f4 ... 328112148/

SHA256:
96270a34fa72c31bc736ecefadc74e8dc3ebc6ef55c0e4c06dc3fbd4fd2d64f6
https://www.virustotal.com/file/96270a3 ... 328122922/

SHA256:
9a83a1c668fc060e019d2d74c47b799774f51639c8e843b62cd3e2aa6de2a0f0
https://www.virustotal.com/file/9a83a1c ... 328213379/

SHA256:
e17a954222d10bd6ee537765f9c91982cbac58b6e23cc11d934a2da51345ef9f 
https://www.virustotal.com/file/e17a954 ... 328290968/

SHA256:
4747cf3141e4dee1bdf7f32edaf388100ed431e6ba416384ca96d561585cd6e2 
https://www.virustotal.com/file/4747cf3 ... 328362019/

SHA256:
3387570fde0116d0599bf4c7823cdd18a66943e91c49b2226e33649a3d12d927
https://www.virustotal.com/file/3387570 ... 328382503/

SHA256:
f8c161d6165aae81de9ffc67b3c5c6426cdc3f7933983c6ab51e4d6758233938
https://www.virustotal.com/file/f8c161d ... 328464207/

SHA256:
9269254139ba57e4292df72663c49c2d1690841b82fcb4fa623dac345c4fc826 
https://www.virustotal.com/file/9269254 ... 328464417/