
Trojan.Cryptolocker.J


First posted on 15 November 2014.
Source: Symantec

Aliases :

There are no other names known for Trojan.Cryptolocker.J.

Explanation :

When the Trojan is executed, it creates the following files:
%UserProfile%\Start Menu\Programs\Startup\[FILE NAME].exe
%UserProfile%\Start Menu\Programs\Startup\[FILE NAME].bmp
%UserProfile%\Application Data\[FILE NAME].bmp
The Trojan modifies the following registry entry:
HKEY_CURRENT_USER\Control Panel\Desktop\"Wallpaper"="%UserProfile%\Application Data\[FILE NAME].bmp"
The Trojan encrypts files on the compromised computer with the following extensions:
.jpg .jpeg .doc .rtf .xls .zip .db3 .rar .7z .kwm .docx .pdf .arj .csv .xlsm .key .cer .mpeg .accdb .psd .mov .odt .ppt .mdb .dwg .xml .dt .gsf .pps .ppt .xls .1cd .dbf
The Trojan adds the following to the end of the encrypted files:
[EMAIL ADDRESS]
The Trojan modifies the background on the compromised computer to one of the following images and demands a ransom to decrypt the files:

Last update 15 November 2014
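
A triage check for the artifacts listed above, as an added example that is not Symantec's code: it flags a profile only when the Startup .exe, both .bmp files and the Wallpaper value all line up on one base name. It assumes [FILE NAME] denotes the same name in every path (the page does not say so); the profile path, file names and function names are constructed for illustration.

```python
import ntpath
import re

# Locations from the write-up, relative to %UserProfile%, lower-cased.
STARTUP = r"start menu\programs\startup"
APPDATA = "application data"
REQUIRED = {(STARTUP, ".exe"), (STARTUP, ".bmp"), (APPDATA, ".bmp")}

def locate(path, profile):
    """Return (folder under profile, base name, extension) or None."""
    # Expand an unexpanded %UserProfile% prefix, as used in the write-up.
    path = re.sub(r"(?i)^%userprofile%", lambda m: profile, path)
    path = ntpath.normpath(path).lower()
    root = ntpath.normpath(profile).lower() + "\\"
    if not path.startswith(root):
        return None
    folder, name = ntpath.split(path[len(root):])
    base, ext = ntpath.splitext(name)
    return folder, base, ext

def match_indicators(profile, files, wallpaper):
    """Return base names for which every listed artifact is present."""
    seen = {}
    for f in files:
        loc = locate(f, profile)
        if loc:
            seen.setdefault(loc[1], set()).add((loc[0], loc[2]))
    wp = locate(wallpaper, profile) if wallpaper else None
    return sorted(base for base, found in seen.items()
                  if REQUIRED <= found and wp == (APPDATA, base, ".bmp"))

# Constructed sample data (not taken from a real infection).
PROFILE = r"C:\Documents and Settings\alice"
FILES = [
    PROFILE + r"\Start Menu\Programs\Startup\qwkzt.exe",
    PROFILE + r"\Start Menu\Programs\Startup\qwkzt.bmp",
    PROFILE + r"\Application Data\qwkzt.bmp",
    PROFILE + r"\Start Menu\Programs\Startup\updater.exe",  # no matching .bmp
    PROFILE + r"\Application Data\holiday.bmp",              # unrelated image
]
WALLPAPER = r"%UserProfile%\Application Data\qwkzt.bmp"

if __name__ == "__main__":
    print(match_indicators(PROFILE, FILES, WALLPAPER))
```

Feed it a directory listing of the profile and the current value of HKEY_CURRENT_USER\Control Panel\Desktop\Wallpaper; requiring all four artifacts keeps ordinary Startup programs and wallpapers from matching.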

 
