Undetected Ransomware

Here I have 2 undetected ransomware samples. (Screenshots attached)

One (Video xxx1.exe) looks like Cryptodefense malware, detected as Trojan.Cryptodefense by Malwarebytes.
The other one looks like it's restarting the system and locking it up. Can't really see it inside VMware Workstation.

Malwr videoxvidavi.exe: https://malwr.com/analysis/NDMxODY4ZmNlN2M4NGRjMDg0ODJlMTM4Zjg4ZGQ4OGM/
video_xxx__1_.exe: https://malwr.com/analysis/ODMyOTY0OTQ0MzJiNGEyMWI2NmY0NGE4YjZmZDVlNDQ/

one-day-old scan
https://www.virustotal.com/en/file/78993f0cddccd4e7e4cdd9519637b2e9db9aa41df6a385b7cc79b94c5563b25a/analysis/

16-minute-old scan (guess it was you)
https://www.virustotal.com/en/file/931cb7f6b7e1cf726a3f53285821a11493ea884e5361405f3a9194c59696aef4/analysis/

Yep. That was me. :slight_smile:

Nice Steven! Sadly I don’t have my Virtual Machines anymore…

[Edit]: Can you give VT links?

I still have some VMs.

I will upload 2 small videos to my Google Drive now.

VT Links: https://www.virustotal.com/en/file/931cb7f6b7e1cf726a3f53285821a11493ea884e5361405f3a9194c59696aef4/analysis/#
https://www.virustotal.com/en/file/78993f0cddccd4e7e4cdd9519637b2e9db9aa41df6a385b7cc79b94c5563b25a/analysis/1398093262/

That Google Drive is just making it go to mine. Not yours.

Is this working: https://docs.google.com/file/d/0B28ldDzASOt3MGQ0YTFtZE9VNnc/edit
https://docs.google.com/file/d/0B28ldDzASOt3VmlaUHNnYlFZYjg/edit

Yes

Edit: In the second video you can see the CPU spiking as the ransomware takes control, then dropping as it stops while it infects explorer. Were you able to override the ransomware? It didn't disable and close Task Manager. From there you might've been able to run Avast! or iexplore and gotten MBAM.

No chance, as Task Manager wasn't responding to anything. Nothing other than the ransomware was responding.

Ah, what a shame. That sucks. Didn’t see Task Manager not responding.

As you can see, I was trying to click on it and also tried to get it via Ctrl+Alt+Del, which is also not working.

The one in the first one is rough malware. I don't know how they got that to work.

Files are submitted via Avast quarantine.

That’s what I was waiting for. :wink: Good catch Steven. :slight_smile:

These are from Malwaretips.com Virus Exchange Subforum. :slight_smile:

@Steven,

If you find more, you can use this thread and notify us when they happen.

EDIT: Both files are now detected as Win32:Malware-Gen.