Ransom:Win32/Lamdelim.A
First posted on 02 March 2017.
Source: Microsoft
Aliases:
There are no other names known for Ransom:Win32/Lamdelim.A.
Explanation:
This threat may arrive pretending to be a Microsoft file:
microsoft.exe
It uses the following icon:
When executed, it displays the following in full screen, effectively locking your computer:
It disables Task Manager by setting the following registry entry:
In subkey: HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Policies\System
Sets value: "DisableTaskMgr"
With data: "1" (REG_SZ)
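A defender's check for the registry change described above, as an added example that is not part of the original analysis: it lists every loaded user hive under HKEY_USERS where DisableTaskMgr is set and can optionally delete the value. The function name Find-TaskMgrLock and its -Remove switch are assumptions made for this illustration.

```powershell
# Added example (not from the original write-up). Run from an elevated prompt.
# Only hives currently loaded under HKEY_USERS are inspected; profiles of
# logged-off users (NTUSER.DAT on disk) are not covered.
function Find-TaskMgrLock {
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$Remove)   # hypothetical switch: delete the value where found

    $subkey    = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $valueName = 'DisableTaskMgr'

    foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
        $path = "Registry::HKEY_USERS\$($hive.PSChildName)\$subkey"
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $key = Get-Item -LiteralPath $path
        if ($key.GetValueNames() -notcontains $valueName) { continue }

        $data = $key.GetValue($valueName)
        # Emit one record per affected hive
        [pscustomobject]@{
            Hive     = $hive.PSChildName
            Kind     = $key.GetValueKind($valueName)   # String (REG_SZ) or DWord
            Data     = $data
            Disabled = ("$data" -eq '1')               # matches "1" and 1
        }

        if ($Remove -and $PSCmdlet.ShouldProcess($path, "Remove $valueName")) {
            Remove-ItemProperty -LiteralPath $path -Name $valueName
        }
    }
}

Find-TaskMgrLock                       # report only
# Find-TaskMgrLock -Remove -WhatIf     # preview the cleanup, then rerun without -WhatIf
```

Removing the value restores Task Manager for that user; it does not remove the malware file itself.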
The message asks for $200 ransom, to be paid to the following email address:
microsoftxyber[@]hackindex.com
If you enter the wrong code, it shows this message:
Interestingly, the unlock key is embedded in the malware code: 30264410
If this key is entered, this threat displays the following message, which you can close using the X button:
This threat has the following file properties:
Even though it uses the file name Microsoft.exe, it uses an invalid digital signature:
Analysis by Francis Tan Seng
Last update 02 March 2017