
Trojan.Cryptolocker.AA


First posted on 02 September 2015.
Source: Symantec

Aliases:

There are no other names known for Trojan.Cryptolocker.AA.

Explanation:

Trojan.Cryptolocker.AA is a Trojan horse that encrypts files on the compromised computer and then demands payment from the user in order to decrypt them.

Once the Trojan is executed, it encrypts all files on the compromised computer with the following extensions:
.txt .jpg .jpe .gif .png .jpeg .avi .pdf .mp3 .mp4 .ppt .pptx .xls .xlsx .QBB .QBW .QDB .doc .docx .docm .zip .rar .7z .wps .php .ssh .key .psd .tc .dwg .wpd .rtf .raw .pst .wmv .mpeg .mpg .mov .m4v .mkv .vhd .vmdk .vdi .vbox
The Trojan then changes each encrypted file's extension to the following:
.LOCKED
The Trojan creates the following file:
%AllUsersProfile%\Desktop\Payment-Instructions.html
The .html file contains a ransom message with payment instructions.
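The indicators above can be turned into a quick triage sweep of a user profile or file share. The following is an added example, not Symantec's code: it counts files renamed to .LOCKED, looks for the ransom note by name, and lists files of targeted types that are still untouched. The write-up does not say whether .LOCKED replaces or is appended to the original extension, so the sketch assumes only that it is the final extension; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the write-up above, lower-cased for matching.
TARGETED = set(
    ".txt .jpg .jpe .gif .png .jpeg .avi .pdf .mp3 .mp4 .ppt .pptx .xls .xlsx "
    ".qbb .qbw .qdb .doc .docx .docm .zip .rar .7z .wps .php .ssh .key .psd .tc "
    ".dwg .wpd .rtf .raw .pst .wmv .mpeg .mpg .mov .m4v .mkv .vhd .vmdk .vdi "
    ".vbox".split()
)
LOCKED_EXT = ".locked"
NOTE_NAME = "payment-instructions.html"

def triage(root):
    """Walk root and classify every file by the indicators in the write-up."""
    result = {"locked": [], "notes": [], "at_risk": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            if name.lower() == NOTE_NAME:
                result["notes"].append(path)
            elif ext == LOCKED_EXT:
                result["locked"].append(path)      # already renamed
            elif ext in TARGETED:
                result["at_risk"].append(path)     # targeted type, not renamed
    return result

def verdict(result):
    """Ransom note plus renamed files is the strongest signal."""
    if result["locked"] and result["notes"]:
        return "likely-affected"
    if result["locked"] or result["notes"]:
        return "suspicious"
    return "clean"

def build_sample_tree(root):
    """Constructed sample data: empty files named to mimic an affected profile."""
    names = ["Desktop/Payment-Instructions.html", "Docs/report.LOCKED",
             "Docs/photo.jpg.LOCKED", "Docs/budget.xlsx", "Docs/app.exe"]
    for rel in names:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(verdict(triage(tmp)))
```

A non-empty "at_risk" list alongside renamed files suggests encryption did not finish, which matters when deciding what to image or restore first.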



The Trojan may also gather system information, such as operating system type, and send it to a remote location.

Last update 02 September 2015

 
