[en] Urausy ransomware get an update and taunts antivirus

Today, i notice an update from Urausy ransomware (sample http://malwaredb.malekal.com/index.php?hash=5ffcea540f262d5a20165a03a9b11dfa).
Previous version used the file msconfig.dat now it uses the file skype.dat

and of course the skin is updated adding some informations (IP, Country, Username) and also a « Protected by » sentences with an image.
In the first case, the image is empy (I don’t have any antivirus installed on my VM).


so i try with Avast! and Antivir and the logo appear.
a bit ironic ! isn’t it ?



VirusTotal information :


SHA256: 64463f550cbf6055788382495f52d1f2e9bf295c904c830117624a0a45ffb21a
File name: 5ffcea540f262d5a20165a03a9b11dfa
Detection ratio: 3 / 43
Analysis date: 2012-11-28 14:31:59 UTC ( 15 minutes ago )

DrWeb BackDoor.Andromeda.22 20121128
ESET-NOD32 a variant of Win32/Injector.ZPB 20121128
Sophos Mal/EncPk-AFN 20121128


EDIT 20 Aout

New Skin with a taunts of antivirus : https://www.malekal.com/2013/07/15/urausy-nouveau-skin-virus-police-nationale-europol-cyber-crime-unit/

Print Friendly, PDF & Email
(Visité 48 fois, 1 visites ce jour)
Noter cet article