removeAttr.scr-03072016

Online Analysis:
https://www.hybrid-analysis.com/sample/b66d3904c6cbbdedc880d9784e8b028f2d59278def689ad995c93a1b2aebbac5?environmentId=1

Virustotal:
https://www.virustotal.com/en/file/b66d3904c6cbbdedc880d9784e8b028f2d59278def689ad995c93a1b2aebbac5/analysis/1457385949/

--- VxStream Sandbox Analysis Summary ---

File Name: removeAttr.scr
Analysis State: SUCCESS
Threat Verdict: malicious
Threat Score: 86/100
AV Detection Ratio: 7%
AV Family Name: BehavesLike.Expiro
Time of analysis: 2016-03-07 15:08:13
File Size (bytes): 197120
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Contacted Domains: none
Contacted Hosts: 89.108.85.163
Environment: Windows 7 32 bit - Usermode Monitor (EID: 1)

Recovery Instructions:
           !!! IMPORTANT INFORMATION !!!!

All of your files are encrypted with RSA-2048 and AES-128 ciphers.
More information about the RSA and AES can be found here:
    http://en.wikipedia.org/wiki/RSA_(cryptosystem)
    http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

Decrypting of your files is only possible with the private key and decrypt program, which is on our secret server.
To receive your private key follow one of the links:
    1. http://i3ezlvkoi7fwyood.tor2web.org/32C0D883E1644D0A
    2. http://i3ezlvkoi7fwyood.onion.to/32C0D883E1644D0A
    3. http://i3ezlvkoi7fwyood.onion.cab/32C0D883E1644D0A

If all of this addresses are not available, follow these steps:
    1. Download and install Tor Browser: https://www.torproject.org/download/download-easy.html
    2. After a successful installation, run the browser and wait for initialization.
    3. Type in the address bar: i3ezlvkoi7fwyood.onion/32C0D883E1644D0A
    4. Follow the instructions on the site.

!!! Your personal identification ID: 32C0D883E1644D0A !!!