A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #19932  by EP_X0FF
 Wed Jul 03, 2013 11:59 am
TETYYSs wrote: Russian "WinLocker".

Win32.Gimemo / ScreenLocker.BC / Win32/LockScreen.ATZ / Trojan-Ransom.Win32.Gimemo.autu / Win32/Somhoveran.A

MD5: 2f9d774bf6bfb32b91a1706a0968e399
VT: https://www.virustotal.com/fr/file/96c2 ... 370970028/
Script-kiddie ransom, created in Delphi and packed with PECompact and after this with MPRESS (it is boring even to upload here as unpacked). This and the locker "content" mean it was created by kids. A pretty popular trend for the last half of the year - these ransoms are usually called "anticheat" programs.

Author's YouTube channel -> http://www.youtube.com/user/garrik20002000, 2000 is probably the year of birth :)

Review http://www.youtube.com/watch?v=d7S1gIypZ8Q

Posts moved as this ransom has nothing to do with the professional Reveton ransom.
 #27877  by kakarot
 Mon Feb 15, 2016 1:42 pm
Hey, I tested out this screenlocker on my VM, it was good for me since I am a beginner. I just have 1 question: how can I change the text of this malware? I mean it's all in Russian, I want to reverse or duplicate it in English :). How can I do that? Any starting points?
 #27881  by EP_X0FF
 Tue Feb 16, 2016 3:42 am
kakarot wrote: I just have 1 question: how can I change the text of this malware? I mean it's all in Russian, I want to reverse or duplicate it in English :). How can I do that? Any starting points?
Here is the answer, #1 http://www.kernelmode.info/forum/viewtopic.php?f=8&t=16
 #27894  by kakarot
 Thu Feb 18, 2016 8:59 am
Got my answer :) Now I know what not to ask :D.

P.S. I never had any ill intention regarding that malware. I was just curious about how to reverse a malware. That's ALL!!