Trojan.Encryptoraas
First posted on 24 November 2015.
Source: Symantec
Aliases:
There are no other names known for Trojan.Encryptoraas.
Explanation:
When the Trojan is executed, it creates the following file:
%SystemDrive%\readme_liesmich_encryptor_raas.txt
The Trojan creates the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[RANDOM CHARACTERS]="%SystemDrive% /SkipReg"
The Trojan encrypts files with the following extensions across all drives on the compromised computer:
.doc, .docm, .docx, .txt, .jpg, .xls, .xlsx, .zip, .7z, .flac, .aup, .ogg, .raw, .tiff, .lzma, .mp4, .torrent, .gz, .m4v, .cpp, .h, .ova, .avi, .bak, .data, .rtf, .ico, .img, .php, .php3, .php5, .dmg, .mp3, .mp4, .iso, .wav, .mpeg, .mpg, .jar, .webm, .java, .sln, .msg, .jpeg, .png, .pdf, .bmp
The Trojan opens the text file on the compromised computer:
The Trojan opens a page in a web browser with a ransom demand to decrypt the victim's files.
Last update 24 November 2015