SecurityHome.eu Ransom:Win32/Koquerpt.A

Home / malware PDF

Ransom:Win32/Koquerpt.A

First posted on 24 June 2016.
Source: Microsoft
Aliases :
There are no other names known for Ransom:Win32/Koquerpt.A.
Explanation :
This ransomware is a trojan written in the AutoIt scripting language possibly from drive-by-download.

The trojan tries to encrypt files and folders in %USERPROFILE% that have the following extensions:

.doc

.docx

.jpeg

.jpg

.pdf

.png

It inserts the string "ENCRYPTED" into the code at the start of each file, followed by the original contents of the file.

It then adds .encrypted to the end of the file's extension, for example:

bears.jpg.encrypted

blue_gradient.jpg.encrypted

transcodedwallpaper.jpg.encrypted

However, the files can be recovered by removing the .encrypted string.

Analysis by Jireh Sanico
Last update 24 June 2016

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Family:

Ransom:Win32/Koquerpt.A