
Trojan.Ransomcrypt.J


First posted on 06 June 2014.
Source: Symantec

Aliases :

There are no other names known for Trojan.Ransomcrypt.J.

Explanation :

When the Trojan is executed, it creates the following file:
%Temp%\Quest Software\PowerGUI\[RANDOM CHARACTERS]\crypter.ps1

The Trojan then scans the compromised computer for the following types of files:
Text documents
Microsoft Office files
Images

If the Trojan finds these files, it will encrypt them and add the following string at the end of their file names:
.POSHCODER

The Trojan may also create the following file in each folder where files have been encrypted:
UNLOCKYOURFILES.html

The .html file includes information on how the user can obtain the private key needed to decrypt their files.
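
The file-system indicators described above can be swept for on a mounted volume or a triage copy. The following is an added example, not code from Symantec or from the Trojan; the function names and the sample tree are constructed for illustration, and the script path is matched anywhere under the scanned root rather than only under %Temp%.

```python
import os
import re
import tempfile
from pathlib import Path

SUFFIX = ".poshcoder"            # string appended to encrypted file names
NOTE = "unlockyourfiles.html"    # ransom note created in affected folders
# crypter.ps1 below ...\Quest Software\PowerGUI\<random characters>\
DROPPER = re.compile(
    r"(^|[\\/])quest software[\\/]powergui[\\/][^\\/]+[\\/]crypter\.ps1$", re.I)

def sweep(root):
    """Walk root and collect indicator hits; names are compared case-insensitively."""
    hits = {"dropper": [], "notes": [], "encrypted": {}}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            low = name.lower()
            if DROPPER.search(path):
                hits["dropper"].append(path)
            elif low == NOTE:
                hits["notes"].append(path)
            elif low.endswith(SUFFIX) and len(name) > len(SUFFIX):
                # encrypted path -> original file name, for restore planning
                hits["encrypted"][path] = name[: -len(SUFFIX)]
    return hits

def build_sample_tree(base):
    """Constructed sample: empty files that carry only the indicator names."""
    for rel in ("Temp/Quest Software/PowerGUI/a1b2c3/crypter.ps1",
                "Docs/report.docx.POSHCODER", "Docs/UNLOCKYOURFILES.html",
                "Docs/notes.txt", "Pics/photo.jpg.poshcoder"):
        p = Path(base, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.touch()

def demo():
    """Run the sweep over the constructed tree and return the hits."""
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        return sweep(base)

if __name__ == "__main__":
    result = demo()
    print(len(result["dropper"]), "script,", len(result["notes"]), "note(s),",
          len(result["encrypted"]), "encrypted file(s)")
```

Folders that hold encrypted files but no ransom note still count as affected, since the note is only created in some cases.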

Last update 06 June 2014