A forum for reverse engineering, OS internals and malware analysis 

Forum for completed malware requests.
 #31253  by Fedor22
 Sun Feb 11, 2018 3:19 pm
1. EnkripsiPC
This ransomware encrypts user data using AES and then demands a ransom of 0.5 bitcoins to return the files. The name is the original one; in addition, the code mentions: Indonesian Ransomware v3, IDRANSOMv3. Developer: humanpuff69. It is aimed at Indonesian users; the code even states this explicitly: "Ransomware that encrypt all your files with indonesian language". Fake name: "Intaller Install Program".
VT (43/67): https://www.virustotal.com/ru/file/d09d ... /analysis/
VT (42/61): https://virustotal.com/en/file/7650540f ... /analysis/
2. Antihacker2017 (Russian Ransomware)
Just ransomware, based on Xorist. Appends .antihacker2017 to encrypted files. The developer hides behind the nickname "Antihacker."
VT (48/56): https://www.virustotal.com/en/file/8cfc ... /analysis/
3. GoldenEye (3rd variant of Petya)
Encrypts user data using AES (in CBC mode) and then demands a ransom of 1.33-1.34 bitcoins to get the files back. The analysis results show that the original project name is still present: ZoomIt. Fake names: ESET OnlineScanner, EOS_v2. Developer: Janus Cybercrime Solutions.
VT (57/67): https://www.virustotal.com/en/file/b5ef ... /analysis/
VT (54/64): https://virustotal.com/en/file/b94d5d1a ... /analysis/
VT (49/64): https://www.virustotal.com/en/file/56a9 ... /analysis/