Diabl0 Posted February 17, 2017 (edited)

Found this after a good friend was almost infected by it. It's a rather maturely coded ransomware as compared to some other crap that I have seen in a while, wasn't hard to reverse it though :)

Panel Image: [hidden content]

Features include:

- Encryption algorithm is AES 256.
- The ransomware will encrypt all files stored on: network drives, network shares, USB drives/sticks, external disks, internal disks, games (Steam), OneDrive, Dropbox, Google Drive (any cloud service that is running on the machine).
- It encrypts all files; it's not extension based. The max file size limit is 30 mb, you can change that if you want. The reason is to keep the performance high, while targeting most files.
- All shadow copies are being permanently deleted upon execution.
- The old non-encrypted files are being overwritten 10 times, and then deleted permanently. Only the encrypted files will be left behind. The recycle bin is being overwritten 10 times and deleted permanently as well.
- It will avoid heuristic detections by calculating different math algorithms.
- Persistence startup.
- Machine domain check. If the victim's PC is joined to a domain (company machine) the ransom will be 10x bigger (you can change that).

PS: Requires AutoIt version v3.3.14.2 to compile ++ I haven't included the panel....anyone who wants one can code his/her own (to prevent skid misuse).

Download Link: [hidden content]

Edited February 17, 2017 by Diabl0