Hi,
I post this request with permission of EP_X0FF because I have no more information than:
1) This is a (Dutch) trojan.ransom (winlocker) that is similar to the German Bundespolizei (Ukash) winlocker, see the screenshot.
2) I've only names of the dropped files under HKEY_Current_User\software\microsoft\windows\current version\run, no MD5 hash or other information.
Vasja / upd.exe
3) Since yesterday, many (Dutch) people are infected with this malware, so it's really new.
http://www.security.nl/artikel/39213/1/ ... _euro.html
http://www.gelderlander.nl/voorpagina/a ... -porno.ece
Edit
I've found an MD5 hash at Virustotal.
http://www.virustotal.com/file-scan/rep ... 1321307995
MD5 : 601c1dcbafd1df3cd8030c823a289f46
File name: upd.exe
Submission date: 2011-11-14 21:59:55 (UTC)
Result: 0 /42 (0.0%)
http://www.virustotal.com/file-scan/rep ... 1321517815
File name: file-3131285_exe
Submission date: 2011-11-17 08:16:55 (UTC)
Result: 9 /42 (21.4%)
Another possible MD5 hash from Virscan.org.
http://r.virscan.org/0d61ee25099812a66edb9784005d4a75
MD5 : 7161582a564bfba2c2d0ed0a54ed91e4
Thanks in advance,
Maxstar