[xors]

From hxxp://64.29.151.221/87yg5fd5

[xors]

From hxxp://77.222.56.73/hrzl8dw5

[ikolor]

next ..

https://www.virustotal.com/en/file/c22a ... 468350876/

[benkow_]

next ..

https://www.virustotal.com/en/file/c22a ... 468350876/

it's Locky

[ikolor]

Hi for my curiosity .I don't understand what language is use on this file. 5mkejwj4.rar.If I edit it I see China language.But normally I think I should see compile C++ or another language.
Why this first file include china language .And works !!!

This is china language.

Code: Select all

몄ׯ꽪浽䝠䍻栕潎✢ᷢጜლ﬋䓇ᅩ៮䛯⌄鎎ᾅ肫媮蛸醐鞏ꑨ畬䭜וֹ㆜夲⊭⷟—ŏ诺ꊘꖪ�⇅ᯘ㟖햦ꡙ绋䆸ᔳ�盡깴鴄龒ኸⴗ敔䓟䮌ʞ굲୉ꄄ핪䟁䊾鿸툲䅮︼熪鉸懪챜䣒⽖푔ᠪ㯠읇雸社ˮ群퇧쭗典쒬쟾쏕曯殺ꩱཀྵဂ風巩䥎8쨲䃳쨧᪭贒曂꺦ꇀ扞ӎں躭西֚뮶㑹㐒뇃䛦姮Ġ앎昴ⴶ☭陃黸楻窹脻뇢↹젪슞ᦺ䮴꒑翔ᘝ蘀絪⍎聦૴板䭦暈呺껩垣�㐐蔱ွ釅蜦턨㲻䤠粔

This is normal file with compile language as C++

Code: Select all

This program cannot be run in DOS mode.

$       }ŇŁ'9łÍt9łÍt9łÍt0Ë^t:łÍt9łĚtdłÍt0ËIt łÍt0ËXt(łÍt0ËNtwłÍt0ËGt:łÍt'áYt8łÍt9łZt8łÍt0Ë\t8łÍtRich9łÍt                        PE  L ÇTW        ŕ 	     ~     (ď         @                      °         @                           Tś (    € đ                    p                                  P™ @             D                          .text   ä˙                          ŕ.rdata  „“    ”               @  @.data   `Ę   °  ľ   ˜             @  Ŕ.rsrc   đ   €     V             @  @.reloc  6        \             @  B                                                                                                                                                                                                                                                                                                                                        ‹˙U‹ěj j ˙učEÜ  ƒÄ]Ă‹˙VWľ°A V˙„A …ŔuVčŃi  Y‹ř…˙„^  ‹5A hüA W˙ÖhđA WŁ mD ˙ÖhäA WŁ¤mD ˙ÖhÜA WŁ¨mD ˙փ= mD  ‹5¨A Ł¬mD tƒ=¤mD  t
ƒ=¨mD  t…Ŕu$ˇ A Ł¤mD ˇ¬A Ç mD j@ ‰5¨mD Ł¬mD ˙¤A Ł°C ƒř˙„Ě   ˙5¤mD P˙Ö…Ŕ„»   č·Ş  ˙5 mD čßŇ  ˙5¤mD Ł mD čĎŇ  ˙5¨mD Ł¤mD čżŇ  ˙5¬mD Ł¨mD čŻŇ  ƒÄŁ¬mD čO)  …Ŕtehƒż@ ˙5 mD čîš  Y˙ĐŁ°C ƒř˙tHh  jč×U  ‹đYY…öt4V˙5°C ˙5¨mD 軚  Y˙Đ…Ŕtj Vč™]  YY˙€A ƒN˙‰3Ŕ@ëč¦  3Ŕ_^øN  ‹°xD ˙Ň …ÉtQj ˙A P˙A Ăjhx›C č<ŕ  ƒMŕ˙čB»  ‹ř‰}Üč§
  ‹_h‹učĺ  ‰E;C„W  h   čë,  Y‹Ř…Ű„F  ąˆ   ‹wh‹űóĄƒ# S˙učáĂ  YY‰Eŕ…Ŕ…ü   ‹uÜ˙vh˙´A …Ŕu‹Fh=Đ´C tPčş»  Y‰^hS‹=°A ˙×öFp…ę   ö»C …Ý   j
č–>  Yƒeü ‹CŁ”tD ‹CŁ˜tD ‹CŁśtD 3Ŕ‰Eäƒř}f‹LCf‰EˆtD @ëč3Ŕ‰Eä=  }

[EP_X0FF]

Can you attach this file? It maybe anything, data file, not even malware, encrypted piece of junk etc.

[ikolor]

ok look it.

[EP_X0FF]

What is the source of it?

[ikolor]

I don't know .If I open this file with notepad .I see china language .Normal I should see compile file .The question is why or what language is use on this file .This file I thing is malware .

[EP_X0FF]

This file is probably XOR'ed. So you won't see anything useful opening it as is especially in notepad.

https://en.wikipedia.org/wiki/XOR_cipher