[Community-sigs] GX40 ransomware

Askar Dyussekeyev dyussekeyev at yandex.kz
Sun Apr 16 09:41:06 EDT 2017


Info:
- https://twitter.com/BleepinComputer/status/848702767246061568

Samples:
- https://www.virustotal.com/ru/file/2d7a92a8ad1271d0544148b7a37de0d2b2180750a6e7753a26f97b801c369fb4/analysis/1492349636/
- https://www.virustotal.com/ru/file/b6cbd7f5f6d9946b27be877ab5bd8205f64a4155ef202694dc2ce9fb2981c18d/analysis/1492349652/

Hello! Here is a simple logical signature for GX40 ransomware that looks for specific strings:

Win.Ransomware.GX40;Target:1;0&1&2&3&(4|(5>5)|6|7|8|9|10);63006D0064002E00650078006500;3F00670065006E0065007200610074006500;2E0078006C0073007800;2E0064006F0063007800;466174687572467265616B7A;57696E646F777355706461746572;687474703A2F2F67616E65646174612E636F2E756B;72616E736F6D77617265696E6340796F706D61696C2E636F6D;33427379527A3273647658635752617963506F697A454835684162446D5763704E45;696D706F7274616E742066696C65732068617665206265656E20656E63727970746564;42006900740063006F0069006E00

Best regards,
Askar
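
The signature above can be checked offline without a ClamAV install. The following is an added illustration, not ClamAV's code and not part of the original post: it parses the .ldb line, decodes each hex subsignature so you can see what it matches (subsigs 0-3 and 10 are UTF-16LE strings, the rest ASCII), counts hits in a buffer, and evaluates the logical expression using only the subset of ClamAV's syntax this signature needs: `&`, `|`, parentheses, and `id>N` on a single subsignature meaning "matched more than N times". Comparisons on a parenthesised group, wildcards, and the `Target:1` (PE-only) restriction are not replicated, and the sample buffers are constructed for the demo, not real GX40 samples.

```python
import re
from typing import List, Tuple

# The .ldb line from the post, kept verbatim.
GX40_SIG = (
    "Win.Ransomware.GX40;Target:1;0&1&2&3&(4|(5>5)|6|7|8|9|10);"
    "63006D0064002E00650078006500;3F00670065006E0065007200610074006500;"
    "2E0078006C0073007800;2E0064006F0063007800;466174687572467265616B7A;"
    "57696E646F777355706461746572;687474703A2F2F67616E65646174612E636F2E756B;"
    "72616E736F6D77617265696E6340796F706D61696C2E636F6D;"
    "33427379527A3273647658635752617963506F697A454835684162446D5763704E45;"
    "696D706F7274616E742066696C65732068617665206265656E20656E63727970746564;"
    "42006900740063006F0069006E00"
)
_TOKEN_RE = re.compile(r"\d+|[()&|<>=]")  # subsig ids, parentheses, operators

def parse_logical_signature(sig: str) -> Tuple[str, str, str, List[bytes]]:
    """Split an .ldb line into (name, target, expression, subsig bytes).
    Subsigs here are plain hex; ClamAV wildcards (??, *, {n}) are out of scope."""
    fields = sig.strip().split(";")
    if len(fields) < 4:
        raise ValueError("expected name;target;expression;subsig[;subsig...]")
    return fields[0], fields[1], fields[2], [bytes.fromhex(h) for h in fields[3:]]

def describe_subsig(pattern: bytes) -> str:
    """Render a subsig as text; all-zero odd bytes mark the UTF-16LE strings."""
    if pattern and len(pattern) % 2 == 0 and not any(pattern[1::2]):
        return "utf-16le " + repr(pattern.decode("utf-16-le"))
    return "ascii    " + repr(pattern.decode("ascii", errors="replace"))

class _ExprEvaluator:
    """Recursive-descent evaluator for the subset this signature uses: ids,
    '&', '|', parentheses, and 'id>N' on one subsig (matched more than N
    times). A comparison on a group has other semantics and is rejected."""

    def __init__(self, expr: str, counts: List[int]):
        self.tokens, self.counts, self.pos = _TOKEN_RE.findall(expr), counts, 0

    def _peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def _next(self):
        tok, self.pos = self._peek(), self.pos + 1
        return tok

    def evaluate(self) -> bool:
        result = self._or()
        if self._peek() is not None:
            raise ValueError(f"unexpected trailing token {self._peek()!r}")
        return result

    def _or(self) -> bool:  # expr := term ('|' term)*
        value = self._and()
        while self._peek() == "|":
            self._next()
            rhs = self._and()  # always consume the right operand
            value = value or rhs
        return value

    def _and(self) -> bool:  # term := cmp ('&' cmp)*
        value = self._cmp()
        while self._peek() == "&":
            self._next()
            rhs = self._cmp()
            value = value and rhs
        return value

    def _cmp(self) -> bool:  # cmp := '(' expr ')' | id [op number]
        tok = self._next()
        if tok == "(":
            inner = self._or()
            if self._next() != ")":
                raise ValueError("missing ')'")
            if self._peek() in ("<", ">", "="):
                raise ValueError("comparison on a group is not supported here")
            return inner
        if tok is None or not tok.isdigit():
            raise ValueError(f"unexpected token {tok!r}")
        count, op = self.counts[int(tok)], self._peek()
        if op in ("<", ">", "="):
            self._next()
            n = int(self._next())
            return {"<": count < n, ">": count > n, "=": count == n}[op]
        return count > 0  # bare id: matched at least once

def scan(sig: str, buf: bytes) -> Tuple[str, bool, List[int]]:
    """Count non-overlapping hits of every subsig in buf and evaluate the
    expression; returns (signature name, verdict, per-subsig match counts)."""
    name, _target, expr, subsigs = parse_logical_signature(sig)
    counts = [buf.count(p) for p in subsigs]
    return name, _ExprEvaluator(expr, counts).evaluate(), counts

# Constructed demo buffers, not real GX40 samples: the first carries the four
# mandatory UTF-16LE strings plus the ASCII ransom-note fragment, the second only two.
SAMPLE_HIT = (b"\x00" * 16 + "cmd.exe".encode("utf-16-le") + b"\x90" * 8
              + "?generate.xlsx.docx".encode("utf-16-le") + b"\n"
              + b"Your important files have been encrypted!" + b"\x00" * 8)
SAMPLE_MISS = "cmd.exe.docx".encode("utf-16-le") + b"nothing to see here"
```

Running `scan(GX40_SIG, SAMPLE_HIT)` returns a hit because subsigs 0-3 and 9 all match; `SAMPLE_MISS` lacks `?generate` and `.xlsx`, so the mandatory `0&1&2&3` prefix fails regardless of the optional group. The `(5>5)` term only fires when "WindowsUpdater" occurs more than five times, which the evaluator reproduces. For real testing use ClamAV itself (`sigtool --decode-sigs` to check the decoding, `clamscan -d` with the .ldb file against the samples), since this demo ignores the `Target:1` file-type filter and the engine's own matching rules.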
