Trojan.Ransom.YM / Meredrop

#18846 by Mosh
Fri Apr 05, 2013 6:52 am

MD5: 1105c4df3562b7ac9aaa3bf6037397c9
SHA1: 5abd5e024b85078b9060e4eb75c9fc9c7549ad55
Detection: 27 / 46
https://www.virustotal.com/es/file/efd8 ... 365137906/

Attachments

malware.zip

infected
(145.12 KiB) Downloaded 55 times

Username

Mosh

Posts

29

Joined

Thu Oct 06, 2011 4:10 pm

Location

Colombia

Contact

Re: Trojan.Ransom.YM / Meredrop

#18851 by EP_X0FF
Fri Apr 05, 2013 3:21 pm

Low budget Russian ransomware made by script-kiddies.

WinRAR SFX -> WinRAR SFX (with password) -> Ransom -> NSPack -> MSVC.

In attach unpacked. Unlock code: 7u

For code check see @00401EAE.

That's how it looking, since this ransomware is using ANSI API to draw text all cyrillic symbols screwed up in your screenshot.

Attachments

30620.rar

pass: infected
(28.53 KiB) Downloaded 50 times

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Trojan.Ransom.YM / Meredrop

#18864 by Mosh
Sun Apr 07, 2013 3:44 pm

Thanks for your feedback EP_X0FF, this info is very useful for my analysis.

Username

Mosh

Posts

29

Joined

Thu Oct 06, 2011 4:10 pm

Location

Colombia

Contact