20170709

PUA.Ransom

PUA.Ransom
【外部リンク】
https://www.symantec.com/security_response/writeup.jsp?docid=2017-061915-1223-99&tabid=2
Systems Affected:
Windows
Once executed, the application creates the following files:
%Temp%\fsi\76.exe
%Temp%\fsi\config.ini
%Temp%\enc_[FILE NAME].jpg

The application connects to the following remote location:
[http://]www.drill.or.kr:8083/welco[REMOVED]

Next, the application copies one .jpg file on the computer to the following location:
%Temp%\enc_[FILE NAME].jpg

The application encrypts the copied .jpg file and leaves the original untouched.

The application then displays a message on the computer informing the user that their files have been encrypted.
--

注目の投稿

cURL error 60: SSL certificate problem: unable to get local issuer certificate

cURL error 60: SSL certificate problem: unable to get local issuer certificate 更新失敗: ダウンロードに失敗しました。 cURL error 60: SSL certificate problem: ...

人気の投稿