
Ransom:MSIL/Hasadcrypt


First posted on 09 June 2016.
Source: Microsoft

Aliases:

There are no other names known for Ransom:MSIL/Hasadcrypt.

Explanation:

Installation

This malware is downloaded by macro or JavaScript malware that is delivered through spam or when a user visits a malicious or compromised website.

Payload

Encrypts files

This threat encrypts files with the following extensions and renames them to .xxx-encrypted:

  • 7z
  • bin
  • bmp
  • cer
  • crx
  • css
  • dat
  • doc
  • htm
  • html
  • ico
  • jpg
  • js
  • log
  • pdf
  • png
  • txt
  • xml


For example:
  • content-fonts.82-encrypted
  • displaylanguagenames.en_us.0-encrypted
  • words.61-encrypted


Drops the recovery instructions, named read_me_to_recover.html, to the following folders:
  • C:\*.* - excluding windows
  • %ProgramFiles%\*.*


Note: *.* includes sub-folders
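
A triage sketch for the indicators above, added here as an example and not Microsoft's code: it takes a file listing and flags folders where the recovery note sits beside files renamed with a `-encrypted` suffix. The function names and sample paths are assumptions, and the suffix pattern is inferred from the three example names on this page.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

NOTE_NAME = "read_me_to_recover.html"  # recovery note name given on the page
# Inferred from the page's examples (e.g. "words.61-encrypted"): the final
# extension ends in "-encrypted". An assumption, not a vendor signature.
ENCRYPTED_RE = re.compile(r"\.[^.\\/]*-encrypted$", re.IGNORECASE)

def classify(path):
    """Return 'note', 'encrypted' or None for a single Windows path."""
    name = PureWindowsPath(path).name
    if name.lower() == NOTE_NAME:
        return "note"
    if ENCRYPTED_RE.search(name):
        return "encrypted"
    return None

def triage(paths):
    """Group hits by folder; note plus renamed files in one folder is 'high'."""
    folders = defaultdict(lambda: {"note": False, "encrypted": []})
    for p in paths:
        kind = classify(p)
        if kind is None:
            continue
        parent = str(PureWindowsPath(p).parent)
        if kind == "note":
            folders[parent]["note"] = True
        else:
            folders[parent]["encrypted"].append(PureWindowsPath(p).name)
    report = {}
    for folder, hit in folders.items():
        level = "high" if hit["note"] and hit["encrypted"] else "review"
        report[folder] = {"level": level, **hit}
    return report

# Constructed sample listing (not taken from a real host).
SAMPLE = [
    r"C:\Users\alice\Documents\words.61-encrypted",
    r"C:\Users\alice\Documents\content-fonts.82-encrypted",
    r"C:\Users\alice\Documents\read_me_to_recover.html",
    r"C:\Users\alice\Pictures\holiday.jpg",
    r"C:\Program Files\App\displaylanguagenames.en_us.0-encrypted",
    r"C:\Tools\notes-encrypted.txt",  # suffix is not the final extension: ignored
]

if __name__ == "__main__":
    for folder, hit in sorted(triage(SAMPLE).items()):
        print(folder, hit["level"], hit["encrypted"])
```

A folder marked `review` has only one of the two indicators and needs a second look before it is treated as affected.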



Analysis by: Patrick Estavillo

Last update 09 June 2016
