wannacry avoid

a guest, May 13th, 2017
There are a number of files and folders wannacrypt will avoid.
Some because it's entirely pointless and others because it might destabilize the system.
During scans, it will search the path for the following strings and skip over if present.

    "Content.IE5"
    "Temporary Internet Files"
    " This folder protects against ransomware. Modifying it will reduce protection"
    "\Local Settings\Temp"
    "\AppData\Local\Temp"
    "\Program Files (x86)"
    "\Program Files"
    "\WINDOWS"
    "\ProgramData"
    "\Intel"
    "$\"

The strange looking folder name referring to ransomware was probably used during tests
or perhaps the authors left it behind by accident.

Naturally, it will avoid encrypting itself and skips the following.

    @Please_Read_Me@.txt
    @WanaDecryptor@.exe.lnk
    @WanaDecryptor@.bmp

It will also skip files that have extensions: .DLL, .EXE, .WNCRY and .WNCRYT

For everything else, there are 2 tables with file extensions it checks,
the first and default list consists of

  .doc, .docx, .xls, .xlsx, .ppt, .pptx, .pst, .ost, .msg,
  .eml, .vsd, .vsdx, .txt, .csv, .rtf, .123, .wks, .wk1, .pdf,
  .dwg, .onetoc2, .snt, .jpeg, .jpg

The other is a much more extensive list, but is not used by the sample
I have.

It's not clear what the purpose of multiple file extension tables is, but perhaps
the ransomware uses a library or framework that can be tweaked for specific targets.

  .docb, .docm, .dot, .dotm, .dotx, .xlsm, .xlsb, .xlw, .xlt, .xlm, .xlc,
  .xltx, .xltm, .pptm, .pot, .pps, .ppsm, .ppsx, .ppam, .potx, .potm, .edb,
  .hwp, .602, .sxi, .sti, .sldx, .sldm, .sldm, .vdi, .vmdk, .vmx, .gpg, .aes,
  .ARC, .PAQ, .bz2, .tbk, .bak, .tar, .tgz, .gz, .7z, .rar, .zip, .backup,
  .iso, .vcd, .bmp, .png, .gif, .raw, .cgm, .tif, .tiff, .nef, .psd, .ai,
  .svg, .djvu, .m4u, .m3u, .mid, .wma, .flv, .3g2, .mkv, .3gp, .mp4, .mov,
  .avi, .asf, .mpeg, .vob, .mpg, .wmv, .fla, .swf, .wav, .mp3, .sh, .class,
  .jar, .java, .rb, .asp, .php, .jsp, .brd, .sch, .dch, .dip, .pl, .vb, .vbs,
  .ps1, .bat, .cmd, .js, .asm, .h, .pas, .cpp, .c, .cs, .suo, .sln, .ldf, .mdf,
  .ibd, .myi, .myd, .frm, .odb, .dbf, .db, .mdb, .accdb, .sql, .sqlitedb,
  .sqlite3, .asc, .lay6, .lay, .mml, .sxm, .otg, .odg, .uop, .std, .sxd,
  .otp, .odp, .wb2, .slk, .dif, .stc, .sxc, .ots, .ods, .3dm, .max, .3ds,
  .uot, .stw, .sxw, .ott, .odt, .pem, .p12, .csr, .crt, .key, .pfx, .der
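
Added example (not part of the original paste, and not code from the malware): a triage helper that applies the skip rules and the default extension table listed above to a file listing, so a responder can scope which files on an affected host fall under which rule. The function names, the rule labels, the order of the checks, the case-insensitive matching and the sample paths are assumptions made for illustration.

```python
from pathlib import PureWindowsPath

# Values below are copied from the paste; matching is modelled as
# case-insensitive substring search (an assumption, the paste does not say).
SKIP_PATH_STRINGS = [
    "Content.IE5", "Temporary Internet Files",
    " This folder protects against ransomware. Modifying it will reduce protection",
    "\\Local Settings\\Temp", "\\AppData\\Local\\Temp", "\\Program Files (x86)",
    "\\Program Files", "\\WINDOWS", "\\ProgramData", "\\Intel", "$\\",
]
SKIP_NAMES = {"@please_read_me@.txt", "@wanadecryptor@.exe.lnk", "@wanadecryptor@.bmp"}
SKIP_EXTS = {".dll", ".exe", ".wncry", ".wncryt"}
DEFAULT_EXTS = set(
    ".doc .docx .xls .xlsx .ppt .pptx .pst .ost .msg .eml .vsd .vsdx .txt .csv "
    ".rtf .123 .wks .wk1 .pdf .dwg .onetoc2 .snt .jpeg .jpg".split()
)

def classify(path: str) -> str:
    """Return which rule from the paste applies to a Windows file path."""
    lowered = path.lower()
    p = PureWindowsPath(path)  # parses Windows paths on any host OS
    for needle in SKIP_PATH_STRINGS:
        if needle.lower() in lowered:
            return "skipped-path"
    if p.name.lower() in SKIP_NAMES:
        return "skipped-own-file"
    ext = p.suffix.lower()
    if ext in SKIP_EXTS:
        return "skipped-extension"
    return "default-list" if ext in DEFAULT_EXTS else "not-in-default-list"

def triage(listing):
    """Group a file listing by rule so responders can scope likely impact."""
    groups = {}
    for path in listing:
        groups.setdefault(classify(path), []).append(path)
    return groups

# Constructed sample listing (not from the paste).
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx",
    r"C:\Users\alice\AppData\Local\Temp\draft.docx",
    r"C:\ProgramData\canary\decoy.docx",
    r"C:\Users\alice\Desktop\@WanaDecryptor@.bmp",
    r"C:\Users\alice\Downloads\setup.exe",
    r"D:\Shares\finance\ledger.sqlite3",
]

if __name__ == "__main__":
    for rule, paths in triage(SAMPLE).items():
        print(rule, paths)
```

The decoy under \ProgramData lands in "skipped-path": a monitored canary file placed in any of the listed folders would never be touched by the behaviour described here, so decoys belong in user data paths with an extension from the default table.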