
Trojan.Cryptolocker.I


First posted on 08 September 2014.
Source: Symantec

Aliases :

There are no other names known for Trojan.Cryptolocker.I.

Explanation :

When the Trojan is executed, it creates the following file:
[PATH TO TROJAN]\Locker.exe

Next, the Trojan creates the following registry entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"CLock" = "[PATH TO TROJAN]\Locker.exe"

The Trojan then encrypts data files on the infected computer and adds the following extension to each file:
._clf

The Trojan then demands payment to unlock the files.

The Trojan connects to the following remote locations to download the key needed to decrypt the files:
clredirect.no-ip.net
www.wnzo.nl/modules/tmp/
clredirect.ddns.net

Note: This Trojan is also known as Cryptographic Locker.
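
A host triage check for the file, registry and extension indicators listed above, as an added example that is not part of the Symantec write-up. The function name `Test-CryptolockerIIndicators` and the `-Root` search path are assumptions; the network locations are not checked.

```powershell
# Added triage example (not Symantec tooling). Indicator values come from the
# write-up above; the function name and the -Root parameter are hypothetical.
function Test-CryptolockerIIndicators {
    param(
        # Assumption: search the current user's profile for encrypted files.
        [string]$Root = $env:USERPROFILE
    )

    $runKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $findings = @()

    # 1. Persistence: Run value "CLock" in the current user's hive.
    $run = Get-ItemProperty -Path $runKey -Name 'CLock' -ErrorAction SilentlyContinue
    if ($run) {
        $target = [string]$run.CLock
        $findings += [pscustomobject]@{ Indicator = 'Run value CLock'; Detail = $target }

        # 2. Dropped file: the Run value should point at ...\Locker.exe.
        $exe = $target.Trim('"')
        if ($exe -and (Split-Path -Path $exe -Leaf) -ieq 'Locker.exe' -and
            (Test-Path -LiteralPath $exe -PathType Leaf)) {
            # Record a hash so the sample can be matched without executing it.
            $hash = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
            $findings += [pscustomobject]@{ Indicator = 'Locker.exe on disk'; Detail = "$exe (SHA256 $hash)" }
        }
    }

    # 3. Encrypted data files: names ending in the appended ._clf extension.
    # -Filter narrows the scan; the Extension test removes loose wildcard matches.
    $encrypted = @(Get-ChildItem -LiteralPath $Root -Recurse -File -Force `
                       -Filter '*._clf' -ErrorAction SilentlyContinue |
                   Where-Object { $_.Extension -ieq '._clf' })
    if ($encrypted.Count -gt 0) {
        $findings += [pscustomobject]@{
            Indicator = 'Files with ._clf extension'
            Detail    = "$($encrypted.Count) file(s), first: $($encrypted[0].FullName)"
        }
    }

    return $findings
}

# Empty output means none of the three host indicators were found for this user.
Test-CryptolockerIIndicators | Format-Table -AutoSize -Wrap
```

The check reads `HKEY_CURRENT_USER`, so it must run in the session of the user being examined.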

Last update 08 September 2014

 
