A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #28180  by sysopfb
 Sat Apr 02, 2016 4:25 pm
Commonly used to download Kovter. It has also been used to download CryptoWall, TeslaCrypt, Radamant...

They added a crappy 'ransomware' piece to the top of the JavaScript that will download a simple exe that takes a file as a parameter and XORs the first 0x800 (2048) bytes of the file with a static 255-byte key.
The XOR is done by reading a single byte from the file at a time....



javascript and file crypter exe in attachment.
Attachment: infected (8.81 KiB)
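The file crypter described in the post is simple enough to model end to end. The block below is an added example, not the sample's code or anything from the attachment: it reconstructs the described behaviour (XOR the first 0x800 bytes with a static 255-byte key, leave the rest of the file alone) and then shows the consequence of that design, namely that the key falls out of a known-plaintext comparison over the first 255 bytes. The key bytes (DEMO_KEY) and the sample file contents are constructed for illustration; the real sample's key is not given on the page.

```python
"""Model of the 'XOR first 0x800 bytes with a static 255-byte key' crypter from the post.

Added example. The key and the sample file below are constructed; nothing here is
taken from the attached binary.
"""
from itertools import cycle

BLOCK_LEN = 0x800   # 2048 bytes: the only region the crypter modifies (per the post)
KEY_LEN = 255       # static key length stated in the post

# Hypothetical key: 255 bytes generated from a simple formula so the demo is
# reproducible. The sample's actual key is not reproduced here.
DEMO_KEY = bytes((i * 73 + 19) & 0xFF for i in range(KEY_LEN))


def xor_first_block(data: bytes, key: bytes, block_len: int = BLOCK_LEN) -> bytes:
    """XOR the first block_len bytes of data with the repeating key; keep the tail intact.

    XOR is its own inverse, so calling this again with the same key restores the file.
    The post says the sample reads one byte at a time; processing the slice in one go
    produces byte-for-byte identical output.
    """
    head, tail = data[:block_len], data[block_len:]
    scrambled = bytes(b ^ k for b, k in zip(head, cycle(key)))
    return scrambled + tail


def recover_key(ciphertext: bytes, known_plaintext: bytes, key_len: int = KEY_LEN) -> bytes:
    """Recover the static key from the first key_len bytes of known plaintext.

    Inside the 0x800-byte block the key repeats with period key_len, so knowing the
    original first key_len bytes (e.g. a standard file header plus predictable padding)
    gives every key byte: key[i] = ct[i] ^ pt[i]. That key then decrypts every file
    touched by the same binary, since the key is static.
    """
    if len(known_plaintext) < key_len or len(ciphertext) < key_len:
        raise ValueError("need at least key_len bytes of both ciphertext and known plaintext")
    return bytes(c ^ p for c, p in zip(ciphertext[:key_len], known_plaintext[:key_len]))


def affected_bytes(file_len: int, block_len: int = BLOCK_LEN) -> int:
    """Number of bytes of a file of file_len bytes that the crypter actually changes."""
    return min(file_len, block_len)


def demo() -> bool:
    """Round-trip a constructed file and recover the key from known plaintext."""
    # Constructed sample: a fake PDF header followed by filler, well past 0x800 bytes.
    header = b"%PDF-1.7\n%constructed sample for the XOR crypter model\n"
    plaintext = header + bytes(range(256)) * 20
    ciphertext = xor_first_block(plaintext, DEMO_KEY)

    # Only the first 0x800 bytes differ; everything after them is untouched.
    assert ciphertext[BLOCK_LEN:] == plaintext[BLOCK_LEN:]
    assert ciphertext[:BLOCK_LEN] != plaintext[:BLOCK_LEN]

    # Same key, same operation: the file comes back.
    assert xor_first_block(ciphertext, DEMO_KEY) == plaintext

    # Known plaintext for the first 255 bytes yields the whole key.
    recovered = recover_key(ciphertext, plaintext[:KEY_LEN])
    assert recovered == DEMO_KEY
    assert xor_first_block(ciphertext, recovered) == plaintext
    return True


if __name__ == "__main__":
    print("ok" if demo() else "fail")
```

Because the key is static and only 2048 bytes are touched, any one victim file with a predictable first 255 bytes (a known header, a run of zero padding, or an untouched copy of the same file) is enough to recover the key and repair every other file hit by the same binary. For larger files, everything past offset 0x800 is already intact.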