Bird_banner_small4
Worm.MSIL.StxRansom.A
TSL ID TSL20171206-01
Severity High
Description

Worm.MSIL.StxRansom.A is a Worm that target Windows platform. This malware encrypts targeted files on the infected system using AES encryption. After encryption the malware sends the password along with encrypted system information to the remote server and places a ransom note on the infected system describing how to pay the ransom to get the files decrypted. The malware also responds on commands received from the server. It can download and execute files, kill processes and other nefarious activities on the infected system. The malware tries to infect other system by infecting removable devices. Furthermore, it adds a Run key registry entry to survive system reboots.

Affected Products
  • Microsoft Windows All Versions
File Hashes
MD5:
  • 7AC8370D70BBE5DC55AEE83AFF87EF13
SHA1:
  • 0ED194FD49DAF8060FC3663A383923295751547A
Identifiers
McAfee
  • RANSOMWARE-FTD!7AC8370D70BB
Microsoft Malware Protection Center
TrendMicro
Avira
  • TR/AD.RANSOMHEUR.FYKGL
Baidu
  • WIN32.TROJAN.WISDOMEYES.16070401.9500.9581
BitDefender
  • GENERIC.RANSOM.WCRYG.BA39B786
CAT-QuickHeal
  • TROJAN.GENERIC.FC.1632
ClamAV
  • WIN.RANSOMWARE.GENERIC3-6369615-1
Cyren
  • W32/RANSOM.KFTS-6142
Fortinet
  • W32/GENERIC.A!TR
Ikarus
  • TROJAN-RANSOM.FILECODER
NANO-Antivirus
  • TROJAN.WIN32.RANSOMHEUR.EVHVKF
Qihoo-360
  • WIN32/TROJAN.RANSOM.A69
Tencent
  • WIN32.TROJAN.GENERIC.AKZG
ViRobot
  • TROJAN.WIN32.Z.RANSOM.36352
Related Threats TSL20171116-06 - Trojan.MSIL.NanoCore.Q