Mal/Ransom-AC

Category: Viruses and Spyware
Protection available since: 19 Jan 2013 04:34:59 (GMT)
Type: Malicious behavior
Last Updated: 19 Jan 2013 04:34:59 (GMT)
Prevalence: Small Number of Reports


Examples of Mal/Ransom-AC include:

Example 1

File Information

Size
140K
SHA-1
022ccea2d15d1f52c744d85c7030961154c72c28
MD5
758d606eef5b7c64b41fb7a118155b8a
CRC-32
e49deb1a
File type
Windows executable
First seen
2013-01-17

Runtime Analysis

Dropped Files
  • C:\Documents and Settings\All Users\Application Data\elpmas.pad
    Size
    91M
    SHA-1
    56936514ee02bd349020613d17bf73aa955b26b8
    MD5
    b1f8c9ad8190f85e2125445401e3dd2b
    CRC-32
    7dd18ef2
    File type
    Unspecified binary - probably data
    First seen
    2013-01-17
  • C:\Documents and Settings\All Users\Application Data\elpmas.js
    Size
    2.4K
    SHA-1
    8ee4bff2fd557efb4f54333291d53e29c25b7658
    MD5
    f401340119e2ee08feab6563955c783b
    CRC-32
    dfc09537
    File type
    JavaScript
    First seen
    2012-12-22
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\runctf.lnk
    Size
    740
    SHA-1
    381b4b3821870e8f04e0205f5a6216e89abf44d9
    MD5
    f7b6b37ef03cf5fa8b9e3b0494e423f7
    CRC-32
    3e7f1b68
    File type
    Windows Shortcut file (.LNK)
    First seen
    2013-01-17
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2500
    0x00000003
  • HKCU\Software\Microsoft\Internet Explorer\Main
    NoProtectedModeBanner
    0x00000001
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
IP Connections
  • 31.44.184.51:443
  • 66.197.250.229:80

Example 2

File Information

Size
140K
SHA-1
47a419094b2547f12d477fe0cfccbf3a3d2e344f
MD5
1b096af3422235d56c74a254cb2639dd
CRC-32
3ab67ec0
File type
Windows executable
First seen
2007-07-24

Example 3

File Information

Size
140K
SHA-1
535a2ee7a66d8a70bd762185bd42d6a7d96a1f58
MD5
7412c3fa835eef9b8016d8ca76886645
CRC-32
f84c0589
File type
Windows executable
First seen
2013-01-17

Runtime Analysis

Dropped Files
  • C:\Documents and Settings\All Users\Application Data\elpmas.pad
    Size
    91M
    SHA-1
    4a52f10152dfece783a45d12586028c4cfc7e3c4
    MD5
    8d284bca0101ab75afbf3fb472435e9d
    CRC-32
    6d0d4138
    File type
    Unspecified binary - probably data
    First seen
    2013-01-17
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\runctf.lnk
    Size
    740
    SHA-1
    29400b19b7efddef5156e617a80419cf516daf10
    MD5
    ce03a13ea4f300737127af0f1a22480f
    CRC-32
    c7327891
    File type
    Windows Shortcut file (.LNK)
    First seen
    2013-01-17
  • C:\Documents and Settings\All Users\Application Data\elpmas.js
    Size
    2.4K
    SHA-1
    8ee4bff2fd557efb4f54333291d53e29c25b7658
    MD5
    f401340119e2ee08feab6563955c783b
    CRC-32
    dfc09537
    File type
    JavaScript
    First seen
    2012-12-22
Registry Keys Created
  • HKCU\Software\Microsoft\Internet Explorer\Main
    NoProtectedModeBanner
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    2500
    0x00000003
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
IP Connections
  • 31.44.184.51:80
