Troj/Ransom-EKL

Category: Viruses and Spyware
Protection available since: 10 Apr 2017 20:19:10 (GMT)
Type: Trojan
Last Updated: 10 Apr 2017 20:19:10 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Ransom-EKL include:

Example 1

File Information

Size
332K
SHA-1
4fdae49be25846ca53b5936a731ce79c673a8e1f
MD5
808182340fb1b0b0b301c998e855a7c8
CRC-32
a3e95603
File type
Windows executable
First seen
2017-04-10

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\My Documents\GOAT9.XLS.WCRY
    Size
    509K
    SHA-1
    3f9b0b91dba64444931434216c16477ea3c9a16a
    MD5
    f9d0ae8671d74cf296d6804edef93746
    CRC-32
    d27f8cda
    File type
    Unspecified binary - probably data
    First seen
    2017-04-10
  • c:\Documents and Settings\test user\My Documents\GOAT1.XLS.WCRY
    Size
    28K
    SHA-1
    f82cfad0ac8f6b70813c070aee32575b01d117c3
    MD5
    eeae02f32357810b2d1c13110674d041
    CRC-32
    75d3d8cf
    File type
    Unspecified binary - probably data
    First seen
    2017-04-10
  • c:\Documents and Settings\test user\My Documents\GOAT7.XLS.WCRY
    Size
    107K
    SHA-1
    e5f0baf6d6bca879bcd4e06a09bc4717a2c80da9
    MD5
    d3ce28dafc26760f3bb904370e3cd520
    CRC-32
    84ffeb64
    File type
    Unspecified binary - probably data
    First seen
    2017-04-10
  • c:\Documents and Settings\test user\My Documents\SAMPLE1.XLS.WCRY
    Size
    33K
    SHA-1
    abb2cc2e8163a5373c1254eaf37d87f2c3cf951b
    MD5
    11f9211d7ea54ee26d4aec695c7c556d
    CRC-32
    0fa03d87
    File type
    Unspecified binary - probably data
    First seen
    2017-04-10
  • c:\Documents and Settings\test user\My Documents\GOAT2.XLS.WCRY
    Size
    32K
    SHA-1
    92b756dd83560739f8e9ed0851cf6d88e9392a69
    MD5
    d1f2c8fee9cbcd76a0ff6182f78c6790
    CRC-32
    b6b6fcce
    File type
    Unspecified binary - probably data
    First seen
    2017-04-10
  • c:\Documents and Settings\test user\My Documents\GOAT3.XLS.WCRY
    Size
    47K
    SHA-1
    551473247ba66fee22a9509426153a1b3fbd49a3
    MD5
    e743d8f9cc0697a504fbfef7114cd818
    CRC-32
    05487700
    File type
    Unspecified binary - probably data
    First seen
    2017-04-10
  • c:\Documents and Settings\test user\My Documents\sample1.doc.WCRY
    Size
    27K
    SHA-1
    eabcd213b4d0cca75fe6dbe23f46f2c41c7b809c
    MD5
    1b9d3f6cf83be6bd0436ff7d19e78d62
    CRC-32
    61e3e3b5
    File type
    Unspecified binary - probably data
    First seen
    2017-04-10
  • c:\Documents and Settings\test user\My Documents\GOAT4.XLS.WCRY
    Size
    62K
    SHA-1
    36d2367b321523697aa11a5c43e5e27f9caf2e1a
    MD5
    aea3b8f7c5a6aac363fe6dbfca0db5c0
    CRC-32
    3a83be3c
    File type
    Unspecified binary - probably data
    First seen
    2017-04-10
  • C:\files.txt.WCRY
    Size
    1.3M
    SHA-1
    b84fc9bf5916026daf15fdfb98d4403ec0919915
    MD5
    7899b384dd3609972f2cfeb4daa3de23
    CRC-32
    553b16f0
    File type
    Unspecified binary - probably data
    First seen
    2017-04-10
  • c:\Documents and Settings\test user\My Documents\GOAT5.XLS.WCRY
    Size
    77K
    SHA-1
    e72a95f68349c4ccb12287646a142ba563e04893
    MD5
    8a1ac518143e3e63d8bd5f1995ae2a43
    CRC-32
    90592676
    File type
    Unspecified binary - probably data
    First seen
    2017-04-10
  • c:\Documents and Settings\test user\My Documents\GOAT6.XLS.WCRY
    Size
    92K
    SHA-1
    9119610ee9e88794d5ed7587ee1ab363d1013eb5
    MD5
    e07ea813b8af847871f9f2c44001e9f9
    CRC-32
    f166d71a
    File type
    Unspecified binary - probably data
    First seen
    2017-04-10
  • c:\Documents and Settings\test user\My Documents\GOAT8.XLS.WCRY
    Size
    121K
    SHA-1
    0e2d076b8cb1384f33944458d4f96929f2ecd3ba
    MD5
    edc4e71642be42a7d3fab9e19f2a05ab
    CRC-32
    b07fd7dd
    File type
    Unspecified binary - probably data
    First seen
    2017-04-10
  • C:\md5_of_C_drive.txt.WCRY
    Size
    2.1M
    SHA-1
    38f4599ef7abe191fb138de3b4f16ec3bbf1c564
    MD5
    e7b491a6a78b9a3d92717995c895fe60
    CRC-32
    efc76ce8
    File type
    Unspecified binary - probably data
    First seen
    2017-04-10
  • c:\Documents and Settings\test user\My Documents\sample1.ppt.WCRY
    Size
    12K
    SHA-1
    2a043a0dadc639ab24ae0a2bae9bb48bc4cf796f
    MD5
    eb138710c7deab977fbd54f664edc276
    CRC-32
    a47bf311
    File type
    Unspecified binary - probably data
    First seen
    2017-04-10
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Microsoft Update Task Scheduler
    "c:\test_item.exe" /r
  • HKLM\SOFTWARE\WannaCryptor
    wd
    c:\bin
Processes Created
  • c:\bin\!wannadecryptor!.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\cscript.exe
  • c:\windows\system32\taskkill.exe
DNS Requests
  • dist.torproject.org
  • www.dropbox.com

Example 2

File Information

Size
236K
SHA-1
565e67fec07cfc67adc31f66747675343e82ebef
MD5
b27f095f305cf940ba4e85f3cb848819
CRC-32
d754154d
File type
Windows executable
First seen
2017-04-10