
Trojan.Cryptolocker.U


First posted on 29 May 2015.
Source: Symantec

Aliases:

There are no other names known for Trojan.Cryptolocker.U.

Explanation:

Once executed, the Trojan creates the following folder:
%UserProfile%\Application Data\tox_tor
The Trojan also creates the following files:
%UserProfile%\Application Data\tox_tor\tor.zip
%UserProfile%\Application Data\tox.log
Next, the Trojan encrypts files with the following file extensions:
.3fr, .3gp, .accdb, .aep, .aepx, .ai, .arw, .asf, .asp, .aspx, .bay, .blend, .bmp, .c, .cad, .cdl, .cdr, .cer, .class, .cpp, .cr2, .crt, .crw, .cs, .css, .csv, .dbf, .dcr, .der, .dng, .doc, .docm, .docx, .dss, .dwg, .dxf, .dxg, .eml, .eps, .erf, .h, .hpp, .indd, .java, .jpe, .jpeg, .jpg, .js, .kdc, .mdb, .mdf, .mef, .mrw, .mswmm, .nef, .nrw, .odb, .odc, .odm, .odp, .ods, .odt, .orf, .p12, .p7b, .p7c, .pdd, .pdf, .pef, .pem, .pfx, .php, .pl, .png, .pps, .ppt, .pptm, .pptx, .prproj, .psd, .pst, .ptx, .pub, .py, .qbb, .qxd, .r3d, .raf, .raw, .rmvb, .rtf, .rw2, .rwl, .sit, .sitx, .sql, .sr2, .srf, .srw, .ss, .swf, .tif, .txt, .veg, .wb2, .wpd, .wps, .x3f, .xlk, .xls, .xlsb, .xlsm, .xlsx, .xml
The Trojan then demands that the user pay a ransom in bitcoins in order to decrypt the files.
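
The folder and files listed above can be swept for across every user profile on a host. The following is an added triage example, not part of the Symantec write-up; the function name scan_profiles, the default root C:\Users, and the extra check under AppData\Roaming (the target of the "Application Data" junction on Windows Vista and later) are assumptions of this example.

```python
"""Triage check for the Trojan.Cryptolocker.U file-system artifacts listed above."""
import sys
from datetime import datetime, timezone
from pathlib import Path

# Artifacts from the write-up, relative to "%UserProfile%\Application Data".
ARTIFACTS = [
    (Path("tox_tor"), "dir"),
    (Path("tox_tor") / "tor.zip", "file"),
    (Path("tox.log"), "file"),
]
# Assumption: on Windows Vista and later "Application Data" is a junction to
# "AppData\Roaming", so both spellings are checked for every profile.
APPDATA_DIRS = [Path("Application Data"), Path("AppData") / "Roaming"]


def scan_profiles(profiles_root):
    """Return one finding per artifact present under any profile in profiles_root."""
    findings, seen = [], set()
    for profile in sorted(Path(profiles_root).iterdir()):
        for appdata in APPDATA_DIRS:
            for rel, kind in ARTIFACTS:
                path = profile / appdata / rel
                try:
                    found = path.is_dir() if kind == "dir" else path.is_file()
                    if not found:
                        continue
                    real, mtime = path.resolve(), path.stat().st_mtime
                except OSError:
                    continue  # unreadable profile: skip it, keep sweeping the rest
                if real in seen:
                    continue  # same object already reached through the junction
                seen.add(real)
                findings.append({
                    "profile": profile.name,
                    "artifact": rel.as_posix(),
                    "path": str(path),
                    "modified_utc": datetime.fromtimestamp(mtime, timezone.utc).isoformat(),
                })
    return findings


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else r"C:\Users"  # assumed default
    for f in scan_profiles(root):
        print(f"{f['profile']}: {f['artifact']} -> {f['path']} ({f['modified_utc']})")
```

The modification time reported for tox.log and tor.zip gives a starting point for the infection timeline on that profile.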

Last update 29 May 2015

 
