
Trojan.Cryptolocker.AG


First posted on 23 February 2016.
Source: Symantec

Aliases :

There are no other names known for Trojan.Cryptolocker.AG.

Explanation :

When the Trojan is executed, it may create the following files:
%AppData%\PadCrypt
%AppData%\PadCrypt\package.exe
%AppData%\PadCrypt\PadCrypt.exe
%AppData%\PadCrypt\unistl.exe
%AppData%\PadCrypt\wallpaper.bmp
%AppData%\PadCrypt\File Decrypt Help.html
The Trojan may create the following registry entry so that it runs every time Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\PadCrypt = "%AppData%\PadCrypt\package.exe"
The Trojan may attempt to connect to the following remote location:
[http://]annaflowersweb.com
The Trojan may encrypt files on the compromised computer.
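
A read-only host check for the file and Run-key indicators listed above, as an added example that is not part of the Symantec write-up. It assumes PowerShell 4.0 or later (for Get-FileHash); the substring match on `\PadCrypt\` in Run values is this example's own heuristic.

```powershell
# Added example: read-only check of the current user's profile for the
# PadCrypt artifacts listed in this write-up. Run as the user under
# examination, because %AppData% and HKCU are per-user.
$padDir    = Join-Path $env:APPDATA 'PadCrypt'
$fileNames = 'package.exe', 'PadCrypt.exe', 'unistl.exe',
             'wallpaper.bmp', 'File Decrypt Help.html'
$findings  = @()

# File-system indicators: the folder itself, then each listed file.
if (Test-Path -LiteralPath $padDir -PathType Container) {
    $findings += [pscustomobject]@{ Type = 'Folder'; Indicator = $padDir; Detail = '' }
}
foreach ($name in $fileNames) {
    $path = Join-Path $padDir $name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item = Get-Item -LiteralPath $path -Force      # -Force: include hidden files
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{
            Type      = 'File'
            Indicator = $path
            Detail    = "created $($item.CreationTimeUtc.ToString('u')) sha256 $hash"
        }
    }
}

# Persistence: a Run value named PadCrypt, or any Run value whose data
# points into a PadCrypt folder (heuristic chosen for this example).
$runKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$provider = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($prop in $run.PSObject.Properties) {
        if ($provider -contains $prop.Name) { continue }   # skip provider metadata
        if ($prop.Name -eq 'PadCrypt' -or "$($prop.Value)" -like '*\PadCrypt\*') {
            $findings += [pscustomobject]@{
                Type = 'RunKey'; Indicator = "$runKey\$($prop.Name)"; Detail = "$($prop.Value)"
            }
        }
    }
}

if ($findings.Count -gt 0) {
    $findings | Format-List
} else {
    Write-Output 'No PadCrypt file or Run-key indicators found for this user.'
}
```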

The Trojan may display the following window asking for a ransom to decrypt the victim's files:

Last update 23 February 2016

 
