Troj/Ransom-ACP

Category: Viruses and Spyware
Protection available since: 09 Oct 2013 19:48:35 (GMT)
Type: Trojan
Last Updated: 17 Oct 2013 20:21:23 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Ransom-ACP include:

Example 1

File Information

Size: 749K
SHA-1: 0c8490a1034d02fdcc59c2cd16da9b4c623d20d7
MD5: 0a6bd33f3d37809e92f272eaf304eab3
CRC-32: ab3e900a
File type: Windows executable
First seen: 2013-10-08

Other vendor detection

Avira: TR/Ransom.Blocker.cmkv

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\Botqnfioxfvznn.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    CryptoLocker
    "c:\Documents and Settings\test user\Application Data\Botqnfioxfvznn.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *CryptoLocker
    "c:\Documents and Settings\test user\Application Data\Botqnfioxfvznn.exe"
Processes Created
  • c:\Documents and Settings\test user\application data\botqnfioxfvznn.exe
DNS Requests

Example 2

File Information

Size: 445K
SHA-1: 118a3c7b857a623d1b1a6e740928ee88b9111487
MD5: ee4b929a75a06bb9ee4373d15a70c724
CRC-32: 39c17581
File type: Windows executable
First seen: 2013-10-09

Example 3

File Information

Size: 752K
SHA-1: a01c8fb70b59bf800153495141f72b2246606a49
MD5: e1f6706fe8bdd3c63fc15cdfe3fdf723
CRC-32: 1d8b567f
File type: Windows executable
First seen: 2013-10-09

Other vendor detection

Avira: TR/Ransom.Blocker.cmkv

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\Botqnfioxfvznn.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *CryptoLocker
    "c:\Documents and Settings\test user\Application Data\Botqnfioxfvznn.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    CryptoLocker
    "c:\Documents and Settings\test user\Application Data\Botqnfioxfvznn.exe"
Processes Created
  • c:\Documents and Settings\test user\application data\botqnfioxfvznn.exe
DNS Requests