Search
Keyword: unauthorized file encryption
encryption parameter -p {directory} → used to specify a target directory to encrypt -list {text file} → used to specify a text file containing target directories to encrypt -delete → used to delete itself
This Ransomware does the following: It checks if the file size is greater than 2GB if so, it will call a function to perform faster file encryption It does not append any extension on encrypted files It
This Ransomware does the following: It checks if the file size is greater than 2GB if so, it will call a function to perform faster file encryption It does not append any extension on encrypted files It
scan for network encryption mode -p → Specify a path to a file containing a system path for file encryption mode -m → Specify encryption mode: all|local|net|backups all → Encrypt both local and network
encryption. It accepts the following parameters: -p → Path to only encrypt files -s → Path to a file containing list of shares to include in the encryption -n → Encryption percentage on how much content of the
It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It attempts to steal information, such as user names and
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It attempts to steal sensitive online banking
address/domain}:{port} . The malware is encoded to Base64 for encryption then concatenated to URL and finally sent to the following URL: http://{BLOCKED}-uro.ru/get/index.php?record={encoded base64 stolen
encrypted: {Malware Directory}\.iso {Directory where a file was encrypted}\ReadMe.txt -> Contains encrypted key used for encryption Ransomware Routine This Ransomware encrypts files with the following
This spyware may arrive bundled with malware packages as a malware component. It may arrive as a file that exports functions used by other malware. It arrives on a system as a file dropped by other
scanned time - interval to rescan the process cryp - boolean (1/0) data for stolen information encryption Stolen Information The stolen information is saved in the following file: {malware path and file
version infromation -e, --exclude {File path} - Exclude file for encryption -p, -paths {Directory} - Encrypts the specified directory --raise-priv {true/false} - Execute with admin privilege (Default: true)
CVE-2010-3145,MS11-001 Untrusted search path vulnerability in the BitLocker Drive Encryption API, as used in sdclt.exe in Backup Manager in Microsoft Windows Vista SP1 and SP2, allows local users to
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It avoids encrypting files with the following file
%ProgramData%\ntuser.dat as a configuration file -I ← AES key for decrypting the RSA public key (Optional) -s ← Copies itself to %ProgramData% directory -t ← Sets the number of threads for encryption -d ← Sets
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It uses a convincing Graphical User Interface to make
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It attempts to steal sensitive online banking
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It uses a convincing Graphical User Interface to make
information in the affected system's registry. It also utilizes encryption
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It uses a user interface (UI). It drops files as