SecurityHome.eu Trojan.Ranslock.AN!inf

Home / malware PDF

Trojan.Ranslock.AN!inf

First posted on 29 November 2014.
Source: Symantec
Aliases :
There are no other names known for Trojan.Ranslock.AN!inf.
Explanation :
Trojan.Ranslock.AN!inf is a detection for a DLL file infected by Trojan.Ransomlock.

The infected file may be found in the following locations:
%Windir%\ServicePackFiles\i386\kernel32.dll%Windir% \SysWOW64\kernel32.dll%System%\dllcache\kernel32.dll%System%\kernel32.dll
When the system starts, the infected kernel32.dll file is loaded by several processes.

The infected file may then connect to one of the following remote locations:
usadepartament.comusadepartament.netusadepartament.ru
It then notifies the attacker that the computer has been compromised, downloads a ransom note in the form of an image.

Next, it will then lock the desktop and ask the user to pay to unlock the computer.
Last update 29 November 2014

TOP

Malware :

SymbOS.Worm.Beselo.A
SymbOS.Worm.Beselo.B
SymbOS.Worm.Keaf.A
Trojan:SymbOS/ZeusMitmo.A
Trojan:SymbOS/MapUp

Last 20

Family:

Trojan.Ranslock.AN!inf