Troj/Ransom-EHN exhibits the following characteristics:
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Application Data\wolverines.dll
- c:\Documents and Settings\test user\Application Data\bg_blackhalo.png
- c:\Documents and Settings\test user\Application Data\icon_copypaste_active.png
  - Size: 517
  - SHA-1: 47ce6dff2a416f11044f2e3338f44b6bbc56c354
  - MD5: 48b3e63b2aed6ec27ab691f2e73a5e84
  - CRC-32: 6510ebae
  - File type: image/x-png
  - First seen: 2017-02-16
- c:\Documents and Settings\test user\Local Settings\Temp\nsu4.tmp\nsDialogs.dll
- c:\Documents and Settings\test user\Application Data\icon_makeoffer_inactive.png
  - Size: 372
  - SHA-1: e1e89eb9875afc4666a87aad8a642261bae31d09
  - MD5: 8b95e799921f25179fc0fe098a0686d5
  - CRC-32: f4e584bc
  - File type: image/x-png
  - First seen: 2017-02-28
- c:\Documents and Settings\test user\Local Settings\Temp\nsu4.tmp\System.dll
- c:\Documents and Settings\test user\Application Data\icon_recieve_inactive.png
  - Size: 401
  - SHA-1: d4f61403333ebc8314a742e46c09915ddb30ec9d
  - MD5: 8cd57455ec0aa780c42436423bd4eedf
  - CRC-32: 0c025e78
  - File type: image/x-png
  - First seen: 2017-02-28
- c:\Documents and Settings\test user\Application Data\icon_contacts_inactive.png
  - Size: 388
  - SHA-1: defd2a120799f9a4733d54aa1cefc596bca36d8a
  - MD5: 303d4dd1e3eb1ff28b90f4ddc85ea76a
  - CRC-32: ad53f662
  - First seen: 2017-02-17
- c:\Documents and Settings\test user\Application Data\Edentate.gX