
Ransom:Win32/Enestaller


First posted on 11 January 2018.
Source: Microsoft

Aliases:

There are no other names known for Ransom:Win32/Enestaller.

Explanation:

Installation

This threat is a scriptable installer engine used to deliver malicious payloads, mostly ransomware, such as Ransom:Win32/Enestedel.

When run, this threat creates the following files:

  • %TEMP%\.
  • %TEMP%\.tmp
  • %TEMP%\.dll
  • %TEMP%\ns.tmp\system.dll
  • %TEMP%\ns.tmp\


Payload

Downloads malware

This threat can download other malware onto your PC.

It loads and executes the malicious loader component %TEMP%\.dll (identified as Ransom:Win32/Enestedel), which in turn decrypts and runs the malicious payload.
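The two artifacts above (the system.dll dropped under an ns*.tmp folder in %TEMP%, and a DLL loaded directly from %TEMP%) can be correlated per process in endpoint telemetry. The following is an added detection example, not Microsoft's own logic; it assumes Sysmon-style event IDs 11 (FileCreate) and 7 (ImageLoad), treats the elided parts of the file names on this page as arbitrary, and runs over constructed sample events rather than real telemetry.

```python
import re

# Constructed sample events in a Sysmon-like shape (not real telemetry):
# event 11 = file create, event 7 = image (DLL) load.
SAMPLE_EVENTS = [
    {"event": 11, "pid": 4120, "path": r"C:\Users\bob\AppData\Local\Temp\a7f3q.tmp"},
    {"event": 11, "pid": 4120, "path": r"C:\Users\bob\AppData\Local\Temp\nsk9A2.tmp\system.dll"},
    {"event": 11, "pid": 4120, "path": r"C:\Users\bob\AppData\Local\Temp\x1b2.dll"},
    {"event": 7,  "pid": 4120, "path": r"C:\Users\bob\AppData\Local\Temp\x1b2.dll"},
    {"event": 11, "pid": 5001, "path": r"C:\Users\bob\AppData\Local\Temp\report.pdf"},
    {"event": 7,  "pid": 5001, "path": r"C:\Windows\System32\kernel32.dll"},
]

# Assumed %TEMP% layout for a per-user profile; adjust if %TEMP% is redirected.
TEMP_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\(.*)$")
# %TEMP%\ns<anything>.tmp\system.dll (the elided name part is treated as arbitrary)
PLUGIN_RE = re.compile(r"^ns[^\\]*\.tmp\\system\.dll$")
# %TEMP%\<anything>.dll, directly inside %TEMP% (no subfolder)
TEMP_DLL_RE = re.compile(r"^[^\\]+\.dll$")


def relative_to_temp(path):
    """Return the path relative to %TEMP% (lower-cased), or None if not under %TEMP%."""
    m = TEMP_RE.match(path.lower())
    return m.group(1) if m else None


def flag_enestaller_pattern(events):
    """Return {pid: [loaded DLL paths]} for processes that both dropped
    ns*.tmp\\system.dll and loaded a DLL from the root of %TEMP%."""
    dropped_plugin = set()
    loaded_temp_dll = {}
    for e in events:
        rel = relative_to_temp(e["path"])
        if rel is None:
            continue
        if e["event"] == 11 and PLUGIN_RE.match(rel):
            dropped_plugin.add(e["pid"])
        elif e["event"] == 7 and TEMP_DLL_RE.match(rel):
            loaded_temp_dll.setdefault(e["pid"], []).append(e["path"])
    # Only processes showing both behaviours are flagged, to keep benign
    # installers that merely unpack a plugin out of the alert.
    return {pid: loaded_temp_dll[pid] for pid in dropped_plugin if pid in loaded_temp_dll}


if __name__ == "__main__":
    for pid, dlls in flag_enestaller_pattern(SAMPLE_EVENTS).items():
        print(f"pid {pid}: dropped ns*.tmp\\system.dll and loaded {dlls}")
```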

We have also observed that this threat delivers the following malware families (the list is not exhaustive):
  • Ransom:Win32/Cerber
  • Ransom:Win32/Critroni
  • Ransom:Win32/Locky
  • Ransom:Win32/Teerac




Analyzed by Andrea Lelli

Last update 11 January 2018
