Win32/Urausy (aka "WinLocker") - Page 3

Re: unknown bots

#18442 by kmd
Wed Mar 06, 2013 12:23 pm

https://www.virustotal.com/en/file/ab56 ... 362572589/

pwd infected

Attachments

99188ba7174dcf8e40968b0171b6be4c271a8cce.rar

(72.14 KiB) Downloaded 89 times

Username

kmd

Posts

271

Joined

Mon Mar 15, 2010 4:09 am

Location

Russian Federation

Re: unknown bots

#18444 by EP_X0FF
Wed Mar 06, 2013 12:30 pm

kmd wrote:https://www.virustotal.com/en/file/ab56 ... 362572589/

pwd infected

Urausy.C, post moved.

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Win32/Urausy (aka "WinLocker")

#18605 by Blaze
Wed Mar 20, 2013 9:33 am

Another one.

From http://kernelmode.info/forum/viewtopic. ... =40#p18604

Attachments

kx436wkjju1nkzrn9hksxz.zip

(52.9 KiB) Downloaded 82 times

Username

Blaze

Posts

198

Joined

Fri Aug 27, 2010 7:35 am

Contact

Re: Win32/Urausy (aka "WinLocker")

#18712 by r3shl4k1sh
Wed Mar 27, 2013 2:58 am

Another one:

MD5: 0f28be3f285aaade36541228f3de0825
SHA1: 1fce514ebbca19d47ce70e7b7f9f93f6ef98ea02

VT: https://www.virustotal.com/en/file/4a64 ... /analysis/

Attachments

0f28be3f285aaade36541228f3de0825.zip

pass: infected
(52.31 KiB) Downloaded 86 times

Username

r3shl4k1sh

Posts

119

Joined

Tue Feb 05, 2013 10:26 pm

Location

Israel

Contact

Re: Win32/Urausy (aka "WinLocker")

#18751 by Blaze
Fri Mar 29, 2013 10:31 am

Another one.

Attachments

files.zip

(53.81 KiB) Downloaded 85 times

Username

Blaze

Posts

198

Joined

Fri Aug 27, 2010 7:35 am

Contact

Re: Win32/Urausy (aka "WinLocker")

#18854 by secObs
Fri Apr 05, 2013 9:55 pm

Three samples of Urausy used by Sibhost "Exploit Kit".

Md5: 7007f8704699837e95d1c023137e435f, c2020289d595a0ea5316b56ef32ea418, e80893875da723b2f4304dfca36e032e

Attachments

3_Urausy.rar

pwd: infected
(148.72 KiB) Downloaded 81 times

Username

secObs

Posts

25

Joined

Sun Mar 04, 2012 10:53 pm

Location

here, there and everywhere

Contact

Re: Win32/Reveton

#18870 by Win32:Virut
Mon Apr 08, 2013 12:47 pm

MD5: 8319818B25E4054CC6E8EA80E9CBB4E9

https://www.virustotal.com/en/file/af27 ... /analysis/

Attachments

1.7z

Password: infected
(48.7 KiB) Downloaded 86 times

Last edited by EP_X0FF on Mon Apr 08, 2013 2:10 pm, edited 1 time in total. Reason: resized

Username

Win32:Virut

Posts

324

Joined

Sat Jun 02, 2012 2:22 pm

Re: Win32/Urausy (aka "WinLocker")

#18880 by Win32:Virut
Tue Apr 09, 2013 3:06 pm

10 samples

Attachments

22121.7z

Password: infected
(300.43 KiB) Downloaded 83 times

Username

Win32:Virut

Posts

324

Joined

Sat Jun 02, 2012 2:22 pm

Re: Win32/Urausy (aka "WinLocker")

#18888 by Blaze
Wed Apr 10, 2013 8:18 am

Middle-East ransomware:

All credits to @Kafeine. Post:
http://malware.dontneedcoffee.com/2013/ ... under.html

Attachments

Urausy_from_CoolEK_2013-04-06.zip

(151.38 KiB) Downloaded 102 times

Username

Blaze

Posts

198

Joined

Fri Aug 27, 2010 7:35 am

Contact

Unknown Ransomware

#19149 by bsteo
Thu May 02, 2013 11:13 am

Hi! A client of mine just got infected with some kind of ransomware that Avira can't seem to detect.

Any idea what ransomware is and how to remove? Is starting only on the infected user.

Last edited by Xylitol on Thu May 02, 2013 11:45 am, edited 1 time in total. Reason: Screenshot resized to be more accurate and reduced the size of 4Mb to 584 Kb

Username

bsteo

Posts

85

Joined

Fri Nov 16, 2012 5:50 pm