
Win32/Ceqcrypt


First posted on 02 July 2016.
Source: Microsoft

Aliases :

There are no other names known for Win32/Ceqcrypt.

Explanation :

Installation

This malware is dropped or downloaded as java.exe into a subfolder of %APPDATA%, for example:

  • c:\users\\appdata\roaming\jsbzy7vrynpwkpvemvuubxzy\java.exe


It changes the following registry entry so that it runs each time you start your PC:

In subkey: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Sets value: "java"
With data: ""
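
The following Python script is an added triage example, not Microsoft's tooling or code from a Ceqcrypt sample. It checks Run-key entries for the two facts stated above: a value named "java", and data pointing at a java.exe placed directly under a subfolder of %APPDATA% (AppData\Roaming). The sample entries, the username and the file-system layout are constructed for illustration; only the value name and the drop location come from the description.

```python
r"""Check HKLM\...\Run for the Win32/Ceqcrypt persistence entry.

Added example, not Microsoft's tooling. The description only states that the
value is named "java" and that the dropped file is %APPDATA%\<folder>\java.exe,
so the check matches on those two indicators and nothing tighter.
"""
import re
import sys
from typing import Iterable, List, Tuple

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"

# A java.exe living directly under one subfolder of AppData\Roaming. A genuine
# JRE is installed under Program Files, so this location alone is suspicious.
APPDATA_JAVA = re.compile(
    r"\\AppData\\Roaming\\[^\\]+\\java\.exe\b", re.IGNORECASE)


def suspicious_run_entries(
        entries: Iterable[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (value_name, data, reason) for entries matching the Ceqcrypt
    indicators. `entries` is an iterable of (value_name, data) pairs, the
    shape winreg.EnumValue returns after dropping the type field."""
    hits = []
    for name, data in entries:
        reasons = []
        if name.lower() == "java":
            reasons.append('value name "java"')
        if APPDATA_JAVA.search(data.strip('"')):
            reasons.append("java.exe under %APPDATA% subfolder")
        if reasons:
            hits.append((name, data, "; ".join(reasons)))
    return hits


def read_run_entries() -> List[Tuple[str, str]]:
    """Read the live HKLM Run key. Windows only; returns [] elsewhere."""
    if sys.platform != "win32":
        return []
    import winreg  # only importable on Windows
    out = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY) as key:
        i = 0
        while True:
            try:
                name, data, _type = winreg.EnumValue(key, i)
            except OSError:      # no more values
                break
            out.append((name, str(data)))
            i += 1
    return out


# Constructed sample of what EnumValue could return on an infected host.
# The username is made up; the folder name is the one quoted in the description.
SAMPLE_ENTRIES = [
    ("SecurityHealth",
     r"C:\Windows\system32\SecurityHealthSystray.exe"),
    ("java",
     r'"C:\Users\alice\AppData\Roaming\jsbzy7vrynpwkpvemvuubxzy\java.exe"'),
    ("SunJavaUpdateSched",
     r'"C:\Program Files\Common Files\Java\Java Update\jusched.exe"'),
]

if __name__ == "__main__":
    entries = read_run_entries() or SAMPLE_ENTRIES
    for name, data, why in suspicious_run_entries(entries):
        print(f"[!] {name} = {data}  ({why})")
```

On a 64-bit host also enumerate HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run and the HKCU Run key; the description names only the HKLM key, so a hit elsewhere is a lead rather than a confirmed match. Each hit lists the reasons separately so that a legitimate JRE entry happening to be named "java" can be told apart from one pointing into %APPDATA%.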

Payload

Encrypts files

This ransomware can encrypt files on your PC.

It tries to encrypt specific file types (see the list under Targeted file types below) in every folder on your PC.

It appends _enc to the extension of each file it encrypts. For example, background.png is renamed to background.png_enc.

Targeted file types

The ransomware encrypts the following file types:
  • .3fr
  • .7z
  • .accdb
  • .ai
  • .apk
  • .arch00
  • .arw
  • .asset
  • .asv
  • .avi
  • .bar
  • .bay
  • .bc6
  • .bc7
  • .big
  • .bik
  • .bkf
  • .bkp
  • .blob
  • .bsa
  • .c
  • .cas
  • .cdr
  • .cer
  • .cfr
  • .cpp
  • .cr2
  • .crt
  • .crw
  • .css
  • .csv
  • .d3dbsp
  • .das
  • .dazip
  • .db0
  • .dba
  • .dbf
  • .dcr
  • .der
  • .desc
  • .dng
  • .doc
  • .docm
  • .docx
  • .dwg
  • .dxg
  • .egg
  • .epk
  • .eps
  • .erf
  • .esm
  • .ff
  • .flv
  • .forge
  • .fos
  • .fpk
  • .frm
  • .fsh
  • .gdb
  • .gho
  • .hkdb
  • .hkx
  • .hplg
  • .hvpl
  • .hwp
  • .ibank
  • .icxs
  • .indd
  • .iso
  • .itdb
  • .itl
  • .itm
  • .iwd
  • .iwi
  • .jpe
  • .jpeg
  • .jpg
  • .js
  • .kdb
  • .kdc
  • .kf
  • .layout
  • .lbf
  • .litemod
  • .lrf
  • .ltx
  • .lvl
  • .m2
  • .m3u
  • .m4a
  • .map
  • .mcmeta
  • .mdb
  • .mdbackup
  • .mddata
  • .mdf
  • .mef
  • .menu
  • .mlx
  • .mov
  • .mp3
  • .mp4
  • .mpqge
  • .mrwref
  • .ncf
  • .nrw
  • .ntl
  • .odb
  • .odc
  • .odm
  • .odp
  • .ods
  • .odt
  • .orf
  • .p12
  • .p7b
  • .p7c
  • .pak
  • .pdd
  • .pdf
  • .pef
  • .pem
  • .pfx
  • .pkpass
  • .png
  • .ppt
  • .pptm
  • .pptx
  • .psd
  • .psk
  • .pst
  • .ptx
  • .py
  • .qdf
  • .qic
  • .r3d
  • .raf
  • .rar
  • .raw
  • .rb
  • .re4
  • .rgss3a
  • .rim
  • .rofl
  • .rtf
  • .rw2
  • .rwl
  • .sav
  • .sb
  • .sid
  • .sidd
  • .sidn
  • .sie
  • .sis
  • .slm
  • .snx
  • .sql
  • .sr2
  • .srf
  • .srw
  • .sum
  • .svg
  • .syncdb
  • .t12
  • .t13
  • .tax
  • .tor
  • .txt
  • .upk
  • .vcf
  • .vdf
  • .vfs0
  • .vpk
  • .vpp_pc
  • .vtf
  • .w3x
  • .wallet
  • .wav
  • .wb2
  • .wma
  • .wmo
  • .wmv
  • .wotreplay
  • .wpd
  • .wps
  • .x3f
  • .xf
  • .xlk
  • .xls
  • .xlsb
  • .xlsm
  • .xlsx
  • .xxx
  • .zip
  • .ztmp
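
The script below is an added example for triage, not Microsoft's code or anything recovered from a Ceqcrypt sample. It uses the naming rule and the extension list above to identify encrypted files: a name is only reported when it ends in _enc and the extension in front of that suffix is one the ransomware targets, so that a stray *_enc file with an untargeted extension is not mistaken for a hit. The sample directory tree it builds is constructed for illustration.

```python
"""Locate files encrypted by Win32/Ceqcrypt by their naming pattern.

Added example, not Microsoft's tooling. Ceqcrypt appends "_enc" to the
original extension (background.png -> background.png_enc), so a file named
"<anything>.<targeted extension>_enc" is a strong indicator.
"""
import os
import tempfile
from collections import Counter
from pathlib import Path
from typing import Optional

# Extensions the ransomware targets, copied from the list above.
TARGETED_EXTENSIONS = frozenset("""
3fr 7z accdb ai apk arch00 arw asset asv avi bar bay bc6 bc7 big bik bkf bkp blob
bsa c cas cdr cer cfr cpp cr2 crt crw css csv d3dbsp das dazip db0 dba dbf dcr der
desc dng doc docm docx dwg dxg egg epk eps erf esm ff flv forge fos fpk frm fsh gdb
gho hkdb hkx hplg hvpl hwp ibank icxs indd iso itdb itl itm iwd iwi jpe jpeg jpg js
kdb kdc kf layout lbf litemod lrf ltx lvl m2 m3u m4a map mcmeta mdb mdbackup mddata
mdf mef menu mlx mov mp3 mp4 mpqge mrwref ncf nrw ntl odb odc odm odp ods odt orf
p12 p7b p7c pak pdd pdf pef pem pfx pkpass png ppt pptm pptx psd psk pst ptx py qdf
qic r3d raf rar raw rb re4 rgss3a rim rofl rtf rw2 rwl sav sb sid sidd sidn sie sis
slm snx sql sr2 srf srw sum svg syncdb t12 t13 tax tor txt upk vcf vdf vfs0 vpk
vpp_pc vtf w3x wallet wav wb2 wma wmo wmv wotreplay wpd wps x3f xf xlk xls xlsb xlsm
xlsx xxx zip ztmp
""".split())

SUFFIX = "_enc"


def original_name(filename: str) -> Optional[str]:
    """Return the pre-encryption filename if `filename` looks Ceqcrypt-encrypted,
    otherwise None. The extension is compared case-insensitively."""
    if not filename.endswith(SUFFIX):
        return None
    stripped = filename[:-len(SUFFIX)]          # e.g. "background.png"
    stem, dot, ext = stripped.rpartition(".")
    if not dot or not stem or ext.lower() not in TARGETED_EXTENSIONS:
        return None
    return stripped


def scan(root) -> Counter:
    """Walk `root` and count encrypted files per original extension."""
    hits: Counter = Counter()
    for _dirpath, _dirs, files in os.walk(root):
        for name in files:
            orig = original_name(name)
            if orig is not None:
                hits[orig.rpartition(".")[2].lower()] += 1
    return hits


def build_sample_tree() -> str:
    """Create a constructed directory tree resembling a hit machine (not real data)."""
    root = tempfile.mkdtemp(prefix="ceqcrypt_demo_")
    sample = [
        "Pictures/background.png_enc",   # the example from the description
        "Pictures/holiday.JPG_enc",      # upper-case extension still matches
        "Documents/report.docx_enc",
        "Documents/notes.txt_enc",
        "Documents/notes.txt",           # untouched file, must not be counted
        "Tools/setup.exe_enc",           # .exe is not targeted: not counted
        "Tools/_enc",                    # no extension at all: not counted
    ]
    for rel in sample:
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"\x00")
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    for ext, n in sorted(scan(demo_root).items()):
        print(f"{ext}: {n}")
```

Point scan() at a user profile or a mounted image to get a per-extension count of encrypted files; original_name() gives the filename to restore to when recovering from backup. The check is on names only and says nothing about whether the content is actually encrypted, so confirm a few hits by inspecting file headers before acting on the count.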




Analysis by Jireh Sanico

Last update 02 July 2016
