Win32/Filecoder [Threat Name]
Win32/Filecoder.F [Threat Variant Name]
Category | trojan, worm |
Size | 29696 B |
Aliases | Trojan-Ransom.Win32.Xorist.i (Kaspersky), Ransom!bq (McAfee), TROJ_RANSOM.HK (TrendMicro) |
Short description
Win32/Filecoder.F is a trojan that encrypts files on local drives.
Installation
The trojan does not create any copies of itself.
The following file is dropped into the %windir% folder:
- CryptLogFile.txt
Payload information
The trojan searches local drives for files with the following file extensions:
- .ace
- .bmp
- .cdr
- .djvu
- .doc
- .docm
- .docx
- .eps
- .gif
- .jpeg
- .jpg
- .lnk
- .max
- .mp3
- .msi
- .png
- .ppd
- .pps
- .ppsx
- .ppt
- .pptx
- .psd
- .rar
- .rtf
- .tif
- .tiff
- .txt
- .wma
- .xls
- .xlsm
- .xlsx
- .xml
- .zip
The trojan encrypts the file content.
The trojan creates the following file:
- %systemdrive%\Прочти Меня - как расшифровать файлы.txt
It contains the following text:
The encrypted files can be returned to their original state using the following command:
- %malwarepath% ktyrsdfbakdbekhqvfy3183g2dvb