Win32/Malasypt
First posted on 06 July 2016.
Source: Microsoft
Aliases:
There are no other names known for Win32/Malasypt.
Explanation:
Payload
Encrypts files
This ransomware can encrypt files on your PC.
It tries to encrypt files with the following extensions in every folder on your PC:
- .3ds
- .4db
- .4dd
- .7z
- .7zip
- .accdb
- .accdt
- .aep
- .aes
- .ai
- .alk
- .arj
- .axx
- .bak
- .bpw
- .cdr
- .cer
- .crp
- .crt
- .csv
- .db
- .dbf
- .dbx
- .der
- .doc
- .docm
- .docx
- .dot
- .dotm
- .dotx
- .drc
- .dwfx
- .dwg
- .dwk
- .dxf
- .eml
- .enz
- .fdb
- .flk
- .flka
- .flkb
- .flkw
- .flwa
- .gdb
- .gho
- .gpg
- .gxk
- .hid
- .hid2
- .idx
- .ifx
- .iso
- .k2p
- .kdb
- .kdbx
- .key
- .ksd
- .max
- .mdb
- .mdf
- .mpd
- .mpp
- .myo
- .nba
- .nbf
- .nsf
- .nv2
- .odb
- .odp
- .ods
- .odt
- .ofx
- .ost
- .p12
- .pdb
- .pfx
- .pgp
- .ppj
- .pps
- .ppsx
- .ppt
- .pptx
- .prproj
- .psd
- .pst
- .psw
- .qba
- .qbb
- .qbo
- .qbw
- .qfx
- .qif
- .rar
- .raw
- .rfp
- .rpt
- .rsa
- .rtf
- .saj
- .sdc
- .sdf
- .sef
- .sko
- .sql
- .sqlite
- .sxc
- .tar
- .tax
- .tbl
- .tc
- .tib
- .wdb
- .xbrl
- .xls
- .xlsm
- .xlsx
- .xml
Demands payment to decrypt files
After encrypting files, the ransomware changes your desktop wallpaper to the following (or similar):
It also drops a text file in every folder where it has encrypted files. The text file also contains information about the encryption and how to restore your files. The following is an example:
Analysis by Jireh Sanico
Last update 06 July 2016
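A detection heuristic for the note-dropping behaviour described above, added here as an example and not part of Microsoft's analysis: it flags a .txt filename that is created in several folders close in time to writes on files with targeted extensions in those same folders. Assumptions: the `(time, action, path)` event tuples, the `NOTE_PLACEHOLDER.txt` name, the thresholds, and the idea that encryption appears as a modify event on the original filename are all illustrative, and `TARGETED` is only a subset of the list on this page.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Subset of the targeted extensions listed on this page (not the full list).
TARGETED = {".doc", ".docx", ".xls", ".xlsx", ".pst", ".sql",
            ".kdbx", ".pfx", ".bak", ".mdb"}

def find_note_fanout(events, min_dirs=3, window=300):
    """Return {note_name: [folders]} for .txt names created in at least
    min_dirs folders within `window` seconds, counting only folders where a
    targeted-extension file was written within `window` seconds of the note."""
    modified = defaultdict(list)   # folder -> times a targeted file was written
    notes = defaultdict(list)      # note filename -> [(time, folder)]
    for ts, action, raw in events:
        p = PureWindowsPath(raw.lower())
        folder = str(p.parent)
        if action == "modify" and p.suffix in TARGETED:
            modified[folder].append(ts)
        elif action == "create" and p.suffix == ".txt":
            notes[p.name].append((ts, folder))

    hits = {}
    for name, created in notes.items():
        # Keep only notes that landed next to recently rewritten targeted files.
        linked = sorted((ts, d) for ts, d in created
                        if any(abs(ts - m) <= window for m in modified.get(d, ())))
        best = set()
        for i, (start, _) in enumerate(linked):
            dirs = {d for ts, d in linked[i:] if ts - start <= window}
            if len(dirs) > len(best):
                best = dirs
        if len(best) >= min_dirs:
            hits[name] = sorted(best)
    return hits

# Constructed sample events (seconds, action, path); not real telemetry.
SAMPLE_EVENTS = [
    (100, "modify", r"C:\Users\a\Documents\budget.xlsx"),
    (102, "create", r"C:\Users\a\Documents\NOTE_PLACEHOLDER.txt"),
    (110, "modify", r"C:\Users\a\Desktop\mail.pst"),
    (111, "create", r"C:\Users\a\Desktop\NOTE_PLACEHOLDER.txt"),
    (120, "modify", r"D:\backup\site.sql"),
    (121, "create", r"D:\backup\NOTE_PLACEHOLDER.txt"),
    (130, "create", r"C:\Users\a\Downloads\readme.txt"),   # benign, one folder
    (140, "modify", r"C:\Users\a\Pictures\trip.docx"),
    (9000, "create", r"C:\Users\a\Pictures\NOTE_PLACEHOLDER.txt"),  # too late
]

if __name__ == "__main__":
    print(find_note_fanout(SAMPLE_EVENTS))
```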