
Win32/Malasypt


First posted on 06 July 2016.
Source: Microsoft

Aliases:

There are no other names known for Win32/Malasypt.

Explanation:

Payload

Encrypts files

This ransomware can encrypt files on your PC.

It tries to encrypt files with the following extensions in every folder on your PC:

  • .3ds
  • .4db
  • .4dd
  • .7z
  • .7zip
  • .accdb
  • .accdt
  • .aep
  • .aes
  • .ai
  • .alk
  • .arj
  • .axx
  • .bak
  • .bpw
  • .cdr
  • .cer
  • .crp
  • .crt
  • .csv
  • .db
  • .dbf
  • .dbx
  • .der
  • .doc
  • .docm
  • .docx
  • .dot
  • .dotm
  • .dotx
  • .drc
  • .dwfx
  • .dwg
  • .dwk
  • .dxf
  • .eml
  • .enz
  • .fdb
  • .flk
  • .flka
  • .flkb
  • .flkw
  • .flwa
  • .gdb
  • .gho
  • .gpg
  • .gxk
  • .hid
  • .hid2
  • .idx
  • .ifx
  • .iso
  • .k2p
  • .kdb
  • .kdbx
  • .key
  • .ksd
  • .max
  • .mdb
  • .mdf
  • .mpd
  • .mpp
  • .myo
  • .nba
  • .nbf
  • .nsf
  • .nv2
  • .odb
  • .odp
  • .ods
  • .odt
  • .ofx
  • .ost
  • .p12
  • .pdb
  • .pfx
  • .pgp
  • .ppj
  • .pps
  • .ppsx
  • .ppt
  • .pptx
  • .prproj
  • .psd
  • .pst
  • .psw
  • .qba
  • .qbb
  • .qbo
  • .qbw
  • .qfx
  • .qif
  • .rar
  • .raw
  • .rfp
  • .rpt
  • .rsa
  • .rtf
  • .saj
  • .sdc
  • .sdf
  • .sef
  • .sko
  • .sql
  • .sqlite
  • .sxc
  • .tar
  • .tax
  • .tbl
  • .tc
  • .tib
  • .wdb
  • .xbrl
  • .xls
  • .xlsm
  • .xlsx
  • .xml


Demands payment to decrypt files

After encrypting files, the ransomware changes your desktop wallpaper to the following (or similar):



It also drops a text file in every folder where it has encrypted files. The text file contains information about the encryption and how to restore your files. The following is an example:





Analysis by Jireh Sanico

Last update 06 July 2016
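
Detection logic for the two behaviours described above (writes to files with the targeted extensions, and a text file dropped into each folder where files were encrypted), added here as an example and not part of the Microsoft write-up. The `(operation, path)` event format, the `NOTE.txt` filename and the `min_dirs` threshold are assumptions; the page does not give the name of the dropped text file.

```python
import ntpath
from collections import defaultdict

# Subset of the extensions listed above; load the full list in practice.
TARGETED = {".doc", ".docx", ".xls", ".xlsx", ".pdb", ".pst",
            ".sql", ".kdbx", ".psd", ".csv"}

def note_candidates(events, min_dirs=3):
    """Return {txt_name: sorted folders} for .txt files created in at least
    min_dirs folders that also saw writes to targeted-extension files.

    events: iterable of (op, path), op being "write" or "create"
    (assumed format, e.g. normalised from file-system audit logs)."""
    hit_dirs = set()               # folders with writes to targeted files
    txt_dirs = defaultdict(set)    # .txt file name -> folders it appeared in
    for op, path in events:
        folder, name = ntpath.split(path.lower())
        ext = ntpath.splitext(name)[1]
        if op == "write" and ext in TARGETED:
            hit_dirs.add(folder)
        elif op == "create" and ext == ".txt":
            txt_dirs[name].add(folder)
    # Correlate after the loop so event ordering does not matter.
    return {name: sorted(dirs & hit_dirs)
            for name, dirs in txt_dirs.items()
            if len(dirs & hit_dirs) >= min_dirs}

# Constructed sample events; NOTE.txt is a placeholder name.
SAMPLE_EVENTS = [
    ("write",  r"C:\Users\a\Documents\budget.xlsx"),
    ("create", r"C:\Users\a\Documents\NOTE.txt"),
    ("write",  r"C:\Users\a\Desktop\plan.docx"),
    ("create", r"C:\Users\a\Desktop\NOTE.txt"),
    ("create", r"C:\Data\NOTE.txt"),
    ("write",  r"C:\Data\crm.sql"),
    ("create", r"C:\Users\a\Downloads\readme.txt"),  # benign: no targeted write
    ("write",  r"C:\Users\a\Pictures\photo.psd"),    # targeted write, no note
]

if __name__ == "__main__":
    for name, folders in note_candidates(SAMPLE_EVENTS).items():
        print(f"{name}: dropped in {len(folders)} folders with targeted writes")
        for folder in folders:
            print("  ", folder)
```
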

 
