- Online Analysis:
- https://www.hybrid-analysis.com/sample/b66d3904c6cbbdedc880d9784e8b028f2d59278def689ad995c93a1b2aebbac5?environmentId=1
- Virustotal:
- https://www.virustotal.com/en/file/b66d3904c6cbbdedc880d9784e8b028f2d59278def689ad995c93a1b2aebbac5/analysis/1457385949/
- --- VxStream Sandbox Analysis Summary ---
- File Name: removeAttr.scr
- Analysis State: SUCCESS
- Threat Verdict: malicious
- Threat Score: 86/100
- AV Detection Ratio: 7%
- AV Family Name: BehavesLike.Expiro
- Time of analysis: 2016-03-07 15:08:13
- File Size (bytes): 197120
- File Type: PE32 executable (GUI) Intel 80386, for MS Windows
- Contacted Domains: none
- Contacted Hosts: 89.108.85.163
- Environment: Windows 7 32 bit - Usermode Monitor (EID: 1)
- Recovery Instructions:
- !!! IMPORTANT INFORMATION !!!!
- All of your files are encrypted with RSA-2048 and AES-128 ciphers.
- More information about the RSA and AES can be found here:
- http://en.wikipedia.org/wiki/RSA_(cryptosystem)
- http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
- Decrypting of your files is only possible with the private key and decrypt program, which is on our secret server.
- To receive your private key follow one of the links:
- 1. http://i3ezlvkoi7fwyood.tor2web.org/32C0D883E1644D0A
- 2. http://i3ezlvkoi7fwyood.onion.to/32C0D883E1644D0A
- 3. http://i3ezlvkoi7fwyood.onion.cab/32C0D883E1644D0A
- If all of this addresses are not available, follow these steps:
- 1. Download and install Tor Browser: https://www.torproject.org/download/download-easy.html
- 2. After a successful installation, run the browser and wait for initialization.
- 3. Type in the address bar: i3ezlvkoi7fwyood.onion/32C0D883E1644D0A
- 4. Follow the instructions on the site.
- !!! Your personal identification ID: 32C0D883E1644D0A !!!