Win32/Urausy (aka "WinLocker") - Page 7

Re: Mandiant USA Ransomware

#20639 by Horgh
Thu Aug 29, 2013 7:00 pm

Trojan:Win32/Urausy.E

Attachments

unpacked.7z

infected
(26.87 KiB) Downloaded 89 times

Username

Horgh

Posts

37

Joined

Fri Dec 07, 2012 9:48 am

Location

France

Re: Win32/Urausy (aka "WinLocker")

#20650 by Mosh
Fri Aug 30, 2013 6:15 pm

Another Urausy sample from 103.31.186.29 (Hong Kong)

SHA256: 0b043906e7baf5fa0cf49bfeb77ee299d8cb943330ecea84a950ab599a5efbc8
SHA1: 813812f2a4ff75a01042501abbdbcfcabeadf76f
MD5: 9c9c2e09acc22562adfee371fab29b8f
File size: 85.0 KB ( 87040 bytes )
File name: FlashPlayer_11_7_update_for_Win.exe
File type: Win32 EXE
VT: 3/46 https://www.virustotal.com/en/file/0b04 ... 377882332/

Attachments

FlashPlayer_11_7_update_for_Win.zip

infected
(48.84 KiB) Downloaded 91 times

nyxbone.com
Twitter: @nyxbone

Username

Mosh

Posts

29

Joined

Thu Oct 06, 2011 4:10 pm

Location

Colombia

Contact

Re: Win32/Urausy (aka "WinLocker")

#20732 by Cody Johnston
Thu Sep 05, 2013 9:46 pm

SHA256: 73b193c3e8f1fe3fe7473e78d6590d087db773ce210bf118f6e1c0cd49bd44c2
SHA1: e760088da5f1ebd3af8b0b45657f7a60902ec71b
MD5: 2308f7f081f5dccd664b2d95cac2208a
File size: 100.0 KB ( 102400 bytes )
File name: 9364419845799121817543.exe
Detection ratio: 6 / 47

https://www.virustotal.com/en/file/73b1 ... /analysis/

SHA256: 5cba4171f45cb57b0a1aa18fec8a0520efc60ffcd7ae56127c65a904afe349ed
SHA1: ba071063c0ba042d832d8531e43905c88bade3c3
MD5: e21caf76f4eef857d4d3aecde502443d
File size: 148.6 KB ( 152169 bytes )
File name: dxffddbhvltdfyckowd.bfg
File type: Win32 DLL
Detection ratio: 4 / 47

https://www.virustotal.com/en/file/5cba ... 378415046/

Attachments

Sample.zip

Password: infected
(156.28 KiB) Downloaded 81 times

Username

Cody Johnston

Posts

157

Joined

Sun May 01, 2011 4:33 pm

Location

Los Angeles, CA

Contact

Re: Win32/Urausy (aka "WinLocker")

#20854 by Win32:Virut
Tue Sep 17, 2013 2:25 pm

New icon.

Attachments

adobeflashplayerv10.2.152.32.zip

(66.95 KiB) Downloaded 75 times

Username

Win32:Virut

Posts

324

Joined

Sat Jun 02, 2012 2:22 pm

Re: Win32/Urausy (aka "WinLocker")

#20857 by Win32:Virut
Tue Sep 17, 2013 6:23 pm

They're back to the old icon.

Code: Select all

hxxp://tesyakoged.flnet.org/maindirectory/get.php?name=Cult_Movie.mpeg

Attachments

Cult_Movie.mpeg.7z

(46.49 KiB) Downloaded 71 times

Username

Win32:Virut

Posts

324

Joined

Sat Jun 02, 2012 2:22 pm

Re: Win32/Urausy (aka "WinLocker")

#20987 by Win32:Virut
Fri Sep 27, 2013 6:07 am

SHA256: ff31bb3bf1501c78749afd559ce2ff85fe95b95e0ebdd182268e78e587670308
SHA1: b8c63dc2a5cb3660348f85c55d5889a8cdbf3f07
MD5: ac1f5b43282cda1d902341b2e34a62e0
File size: 169.0 KB ( 173056 bytes )
File name: install_adobeflashplayer.exe
File type: Win32 EXE
Detection ratio: 2 / 48
Analysis date: 2013-09-27 06:04:19 UTC ( 0 minutes ago )
https://www.virustotal.com/en/file/ff31 ... 380261859/

Attachments

install_adobeflashplayer.zip

(81.29 KiB) Downloaded 67 times

Username

Win32:Virut

Posts

324

Joined

Sat Jun 02, 2012 2:22 pm

Re: Win32/Reveton

#20997 by forty-six
Fri Sep 27, 2013 8:46 pm

[url]hxxp://defrr.concretestakepullers.com:90/index.html?p=5125&e=14"[/url]

Attachments

calc.7z

(46.55 KiB) Downloaded 65 times

Username

forty-six

Posts

66

Joined

Tue Sep 03, 2013 3:23 pm

Re: Win32/Reveton

#21001 by Win32:Virut
Sat Sep 28, 2013 9:12 am

forty-six wrote:[url]hxxp://defrr.concretestakepullers.com:90/index.html?p=5125&e=14"[/url]

Urausy, not Reveton.

Username

Win32:Virut

Posts

324

Joined

Sat Jun 02, 2012 2:22 pm

Re: Win32/Urausy (aka "WinLocker")

#21002 by Win32:Virut
Sat Sep 28, 2013 9:15 am

Code: Select all

hxxp://seffve.stick-on-readers.org:90/index.html?p=5300

Username

Win32:Virut

Posts

324

Joined

Sat Jun 02, 2012 2:22 pm

Re: Win32/Urausy (aka "WinLocker")

#21006 by Win32:Virut
Sat Sep 28, 2013 5:09 pm

326 samples

Attachments

326 samples.7z

(3.26 MiB) Downloaded 81 times

Username

Win32:Virut

Posts

324

Joined

Sat Jun 02, 2012 2:22 pm