勒索软件家族新成员Unlock92——Kozy.Jozy作者新作品

230f4

密码infected

aboringman

没叫我，我已经满血复活了

AVG：

扫描：killed；

"";"Trojan horse FileCryptor.MBD, C:\Users\Killer\Desktop\Unlock92 Ransomware.exe";"Unresolved"

双击：关闭监控，实机双击，IDP瞬杀之。【留下了一个keyvalue.bin的尸体】

"";"IDP.Program.D1B0A5C0, C:\Users\Killer\Desktop\Unlock92 Ransomware.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2016/7/12, 12:58:50"

"";", C:\Windows\System32\vssadmin.exe";"Object was blocked";"Process";"2016/7/12, 12:58:50"

"";", C:\Users\Killer\AppData\Local\Temp\NTVL.jpg";"Deleted, Moved to Virus Vault";"File or Directory";"2016/7/12, 12:58:50"

"";", C:\Users\Killer\Desktop\Unlock92 Ransomware.exe";"Object was blocked";"Process";"2016/7/12, 12:58:50"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\WALL";"Deleted, Moved to Virus Vault";"Registry value";"2016/7/12, 12:58:50"

ymb668888

卡巴入库杀

12.07.2016 12.56.51;检测到的对象 ( 文件 ) 已删除。;D:\新建文件夹\Downloads\测试\Unlock92 Ransomware.exe;WinRAR 压缩文件管理器;D:\新建文件夹\Downloads\测试\Unlock92 Ransomware.exe;07/12/2016 12:56:51;Trojan.Win32.Deshacop.cux

230f4

aboringman 发表于 2016-7-12 12:55
没叫我，我已经满血复活了

AVG：loading......

都复活了，还用提醒？

驭龙

黑寡妇不需要DPH出手，直接特征码灭之

欧阳宣

TAV

鶴孤雲

轩夏

MSE
Unlock92 Ransomware.exe
Infected: Trojan:Win32/Dynamer!ac

liulangzhecgr

2016/7/12 13:36:08    修改文件    允许
进程: g:\download\unlock92_ransomware\unlock92 ransomware.exe
目标: C:\Users\baba\AppData\Local\GDIPFONTCACHEV1.DAT
规则: [应用程序组]病毒测试 -> [应用程序]g:\download\unlock92_ransomware\unlock92 ransomware.exe -> [文件]c:\*

2016/7/12 13:36:22    创建文件    允许
进程: g:\download\unlock92_ransomware\unlock92 ransomware.exe
目标: C:\Users\baba\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4144792320-3414818432-2231444586-1001\16878ad7c3be87412c200f08ec09c9b2_3584d4da-7a86-47eb-94e3-00ba9fea9295
规则: [应用程序组]病毒测试 -> [应用程序]g:\download\unlock92_ransomware\unlock92 ransomware.exe -> [文件]c:\*

BDTS2016：