Home / malware Trojan.Cryptolocker.AG
First posted on 23 February 2016.
Source: SymantecAliases :
There are no other names known for Trojan.Cryptolocker.AG.
Explanation :
When the Trojan is executed, it may create the following files:
%AppData%\PadCrypt%AppData%\PadCrypt\package.exe%AppData%\PadCrypt\PadCrypt.exe%AppData%\PadCrypt\unistl.exe%AppData%\PadCrypt\wallpaper.bmp%AppData%\PadCrypt\File Decrypt Help.html
The Trojan may create the following registry entry so that it runs every time Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\PadCrypt = "%AppData%\PadCrypt\package.exe"
The Trojan may attempt to connect to the following remote location:
[http://]annaflowersweb.com
The Trojan may encrypt files on the compromised computer.
The Trojan may display the following window asking for a random to decrypt the victim's files:Last update 23 February 2016
