Search
Keyword: unauthorized file encryption
%ProgramData%\ntuser.dat as a configuration file -I ← AES key for decrypting the RSA public key (Optional) -s ← Copies itself to %ProgramData% directory -t ← Sets the number of threads for encryption -d ← Sets
information in the affected system's registry. It also utilizes encryption
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It adds certain registry entries to disable the Task
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It uses a user interface (UI). It drops files as
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It attempts to steal sensitive online banking
localhost/api/Encrypted.php It also sends the following information: vector encrypted file count computer name elapsed time of encryption decryption info encryption ID Trojan-Ransom.Win32.Crypren.aede (KASPERSKY); Trojan.Gen.2
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops files as ransom note. Arrival Details This
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It avoids encrypting files with the following file
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It encrypts files found in specific folders. It
unknowingly by users when visiting malicious sites. Installation This Ransomware drops the following files: {filename of encrypted file}.bin – encryption key, deleted after { filename of encrypted file
tab. Encrypt or erase found files based on specifications set in the Criteria tab. Select if ransom note is to be dropped. Delete the malware file after encryption or when the GUI is closed. Hide the
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It attempts to steal sensitive online banking
on reports. It also is possibly using networks that have already been compromised in a previous attack using Emotet and Qakbot malware. It is capable of the following: Information Theft File Encryption
CVE-2008-2935 Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in
drives. It displays its ransom note after encryption. It accepts the following parameters: /r → Allows the encryption of files in a random order /full → Encrypt the whole content of the target file (if not
Engine (GRE) vulnerability. This zero-day exploit causes certain functions of Windows GRE to perform an unauthorized memory access when rendering the WMF file. Users viewing the said file are bound to
Application does the following: It is a reverse socks5 tunneler with encryption and basic proxy authentication support It accepts the following parameters: -cert {string} → certificate file -connect {string}
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It uses a convincing Graphical User Interface to make
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It attempts to steal sensitive online banking
to manipulate VFS Framework functionality Network transport functionalities RC5 encryption and decryption Use of nrv2 family of algorithms for UCL library compression/decompression