Virlock

  • First seen: November 2014
  • Aliases: PolyRansom
  • Samples:
    • f0d7993a94ece82aee232b89ec736335bb9f49bc02081d2eaf8902106628b87c | windows | ransom | pe
    • a945691cd49771ef9a7e0fdeb5c1406a5e0bae6e62c556e5016d025b2d874fe5 | windows | ransom | pe

Virlock Windows Payload

Basic Properties

| Property | Value |
| --- | --- |
| Size | 959488 bytes |
| CRC32 | 0xcccde1f5 |
| MD5 | 0e9406eb85825b1810c8873da54a37a0 |
| SHA1 | 84c681ca8334fff3f5759eeced9a2c4c03706284 |
| SHA256 | f0d7993a94ece82aee232b89ec736335bb9f49bc02081d2eaf8902106628b87c |
| SHA512 | 169b08e2489472e68543a0c2ac7eac5acba4bfb351e515c219a652c9f3b3b376a7e734dbf11a6161cab17e5abbdcb8b61f8c285a1e3035f50c20f43e6f4a39d6 |
| Ssdeep | 24576:MsHrXPmOF0b6tfGUshxtw1lIuHaROnakha5DJbmQwbdn66gsVynuq1:MsHrX+I0et9sBw1WOaROnakha5DJbNwQ |
| Magic | PE32 executable (GUI) Intel 80386, for MS Windows |
| Packer | PE: linker: Microsoft Linker(5.12*)[EXE32] |
| TrID | 35.7% (.EXE) Win32 Executable (generic) (4505/5/1) |
|  | 16.3% (.ICL) Windows Icons Library (generic) (2059/9) |
|  | 16.1% (.EXE) OS/2 Executable (generic) (2029/13) |
|  | 15.8% (.EXE) Generic Win/DOS Executable (2002/3) |
|  | 15.8% (.EXE) DOS Executable Generic (2000/1) |

Antivirus Scan

- Avast: Win32:VirLock [Inf]
- Avira: TR/Crypt.XPACK.Gen7
- Bitdefender: Win32.Virlock.Gen.4
+ Clamav: clean
- Comodo: Packed.Win32.Graybird.B
- Drweb: Win32.VirLock.3
- Eset: Win32/Virlock.D virus
- Fsecure: Trojan.TR/Crypt.XPACK.Gen7
+ Kaspersky: clean
- Mcafee: W32/VirRansom
- Sophos: W32/VirRnsm-A
- Symantec: W32.Virlock!inf
- Trendmicro: PE_VIRLOCK.J
- Windefender: Virus:Win32/Nabucur.A

PolyRansom Windows Payload (MSIL)

Basic Properties

| Property | Value |
| --- | --- |
| Size | 38400 bytes |
| CRC32 | 0x3293568c |
| MD5 | e3fe5ca8ab54cf593699926670550c1a |
| SHA1 | f205ad3e3c6fc65b279eacc7f3d08982d32b14ea |
| SHA256 | a945691cd49771ef9a7e0fdeb5c1406a5e0bae6e62c556e5016d025b2d874fe5 |
| SHA512 | fb26d6f19475b3acf452b1a0b5146a2566271e0eff8f55ec967e72ba1dc27af5890598a4ff85e3fe2954216482931efd608eb9a6bf65b20c18b4f0d2c13ca171 |
| Ssdeep | 768:Xz7TkX/gnY5Gwe0QaTsNzhRHZYMboGkct9hRZydalfuV3lVwGcL/bDc:XHTkv/SzhR51boBct9XOaFufVw9TbDc |
| Magic | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
| Packer | PE: library: .NET(v4.0.30319)[-] |
|  | PE: linker: Microsoft Linker(11.0)[EXE32,admin] |
| TrID | 67.7% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) |
|  | 9.7% (.EXE) Win64 Executable (generic) (10523/12/4) |
|  | 6.0% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) |
|  | 4.6% (.EXE) Win16 NE executable (generic) (5038/12/1) |
|  | 4.1% (.EXE) Win32 Executable (generic) (4505/5/1) |

Antivirus Scan

- Avast: Win32:MalwareX-gen [Trj]
+ Avira: clean
- Clamav: Win.Packed.Msilzilla-9953300-0
+ Comodo: clean
- Drweb: Trojan.PackedNET.1575
- Eset: MSIL/Agent.VIF
- Fsecure: Heuristic.HEUR/AGEN.1305561
+ Mcafee: clean
+ Sophos: clean
+ Trendmicro: clean
- Windefender: Trojan:MSIL/Polyransom.psyF!MTB
