PHP/Filecoder [Threat Name]
PHP/Filecoder.D [Threat Variant Name]
| Category | trojan |
| Size | 7180 B |
| Aliases | PHP/Ransom.f.trojan (McAfee) |
Short description
PHP/Filecoder.D is a trojan that encrypts files on fixed, removable and network drives. To decrypt files, the user is requested to comply with given conditions in exchange for a password/instructions. It is written in PHP.
Installation
The trojan does not create any copies of itself.
Payload information
PHP/Filecoder.D is a trojan that encrypts files on fixed, removable and network drives.
The trojan searches for files with the following file extensions:
- .zip
- .rar
- .r00
- .r01
- .r02
- .r03
- .7z
- .tar
- .gz
- .gzip
- .arc
- .arj
- .bz
- .bz2
- .bza
- .bzip
- .bzip2
- .ice
- .xls
- .xlsx
- .doc
- .docx
- .djvu
- .fb2
- .rtf
- .ppt
- .pptx
- .pps
- .sxi
- .odm
- .odt
- .mpp
- .ssh
- .pub
- .gpg
- .pgp
- .kdb
- .kdbx
- .als
- .aup
- .cpr
- .npr
- .cpp
- .bas
- .asm
- .cs
- .php
- .pas
- .class
- .py
- .pl
- .h
- .vb
- .vcproj
- .vbproj
- .java
- .bak
- .backup
- .mdb
- .accdb
- .mdf
- .odb
- .wdb
- .csv
- .tsv
- .sql
- .psd
- .eps
- .cdr
- .cpt
- .indd
- .dwg
- .ai
- .svg
- .max
- .skp
- .scad
- .cad
- .3ds
- .blend
- .lwo
- .lws
- .mb
- .slddrw
- .sldasm
- .sldprt
- .u3d
- .jpg
- .jpeg
- .tiff
- .tif
- .raw
- .avi
- .mpg
- .mp4
- .m4v
- .mpeg
- .mpe
- .wmf
- .wmv
- .veg
- .mov
- .3gp
- .flv
- .mkv
- .vob
- .rm
- .mp3
- .wav
- .asf
- .wma
- .m3u
- .midi
- .ogg
- .mid
- .vdi
- .vmdk
- .vhd
- .dsk
- .img
- .iso
It avoids files which contain any of the following strings in their path:
- winnt
- boot
- system
- windows
- tmp
- temp
- program
- appdata
- application
- roaming
- msoffice
- temporary
- cache
The trojan encrypts the file content.
The extension of the encrypted files is changed to:
- .crypted
To decrypt files, the user is requested to comply with given conditions in exchange for a password/instructions.
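For incident triage, the selection rules above can be turned into a scope check over a mounted volume or backup. The following is an added example, not part of the original description or of any vendor tooling. The function names are hypothetical, the extension set is a subset of the list above, and it assumes case-insensitive matching and classification on the path relative to the scan root, neither of which the description states.

```python
import os
from collections import Counter

# Subset of the targeted extensions listed on this page; extend from the full list.
TARGET_EXTS = {".zip", ".7z", ".doc", ".docx", ".xls", ".xlsx", ".php", ".sql",
               ".bak", ".kdbx", ".jpg", ".vmdk", ".iso"}
# Path substrings the trojan avoids (complete list from this page).
AVOID = ("winnt", "boot", "system", "windows", "tmp", "temp", "program",
         "appdata", "application", "roaming", "msoffice", "temporary", "cache")
ENCRYPTED_EXT = ".crypted"


def classify(path):
    """Return 'encrypted', 'avoided', 'at_risk' or 'not_targeted' for one path.

    Assumption: matching is case-insensitive; the description does not say.
    """
    lowered = path.lower()
    ext = os.path.splitext(lowered)[1]
    if ext == ENCRYPTED_EXT:
        return "encrypted"      # already hit: restore from backup
    if ext not in TARGET_EXTS:
        return "not_targeted"
    if any(s in lowered for s in AVOID):
        return "avoided"        # substring match, so "template.doc" counts too
    return "at_risk"            # targeted type in a path the trojan would not skip


def triage(root):
    """Walk root; return (Counter of classes, sorted list of encrypted paths)."""
    counts, encrypted = Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Classify relative to root so the mount point's own name
            # (e.g. /mnt/tmp_evidence) does not trigger the AVOID list.
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            kind = classify(rel)
            counts[kind] += 1
            if kind == "encrypted":
                encrypted.append(rel)
    return counts, sorted(encrypted)


if __name__ == "__main__":
    import sys
    counts, encrypted = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(dict(counts))
    print("\n".join(encrypted))
```

The `encrypted` list is the restore set; `at_risk` files that are still intact indicate where encryption stopped or had not yet reached.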