A forum for reverse engineering, OS internals and malware analysis 

Ask your beginner questions here.
 #28447  by creati0n
 Mon May 02, 2016 9:51 pm
Hi,
I am trying to analyze TeslaCrypt and I'm a bit of a noob. I have IDA, OllyDbg, pestudio, and a couple of other tools I've tested out, but none have yielded answers to fundamental questions I have about the malware.

My main question is: TeslaCrypt adds itself to startup, so that means there must be some check it does to see if it's already encrypted the system, right? Maybe it checks if there is already a file that is encrypted, or if there is some information already stored in the registry... Whatever it is, TeslaCrypt does not re-encrypt your already encrypted files after a system reboot, and I'm wondering how it does this, and how I can find this out on my own in the future.

Thanks.