Submission Summary:

What's been found | Severity Level
Contains characteristics of an identified security risk.

Technical Details:

Possible Security Risk

Threat Category | Description
A malicious trojan horse or bot that may represent a security risk for the compromised system and/or its network environment

File System Modifications

# | Filename(s) | File Size | File Hash | Alias
1 c:\!_READ_ME_!.txt
%CommonDocuments%\My Pictures\Sample Pictures\!_READ_ME_!.txt
c:\Inetpub\wwwroot\!_READ_ME_!.txt
502 bytes MD5: 0xBDAB1E2874DC411275B3C4F9C603C64D
SHA-1: 0x85A210EF14B6F508E74D500B416A047FAB2414FD
(not available)
2 c:\contacts.html._CRYPT 295 bytes MD5: 0xB2980F5E480663670A72664B54383F08
SHA-1: 0x9798C62A5015D6B2B0826EA338FF729718DD8145
(not available)
3 %CommonDocuments%\My Pictures\Sample Pictures\Blue hills.jpg._CRYPT 28,537 bytes MD5: 0x9271CE1147E1CB3D6B95628C68C44EED
SHA-1: 0x3C0982A37479660CFFCE0D94F5AB9F7471BD3C59
(not available)
4 %CommonDocuments%\My Pictures\Sample Pictures\Sunset.jpg._CRYPT 71,205 bytes MD5: 0xF01BEF901390F6917521B4F3D48D2E47
SHA-1: 0x2F2436621ABF3ED2012C42D1800C58FFBF69E5E7
(not available)
5 %CommonDocuments%\My Pictures\Sample Pictures\Water lilies.jpg._CRYPT 83,810 bytes MD5: 0x5F22F53EAE047A90E6A9FE05023ABC74
SHA-1: 0xE7953382827149A633B39196C4354D8915D750C8
(not available)
6 %CommonDocuments%\My Pictures\Sample Pictures\Winter.jpg._CRYPT 105,558 bytes MD5: 0x583192C857B7870D5932D5731B277828
SHA-1: 0x5F68AA1FE316CF9483FEC78001E55D2B4499EF65
(not available)
7 c:\Inetpub\wwwroot\index.html._CRYPT 141 bytes MD5: 0x11B70E36FB16244C3406C99D7282976F
SHA-1: 0x982C8A861D8DE21D85640928250AEA6D67F6434B
(not available)
8 c:\Inetpub\wwwroot\index.jpg._CRYPT 176,110 bytes MD5: 0x65E8F601997A021B8772A3D73F5B666D
SHA-1: 0x1606340EAC1E59646756A3F8E535C620590D1607
(not available)
9 c:\main.wab._CRYPT 178,894 bytes MD5: 0x05EA80B6D8BB7F89657138696D97E4CC
SHA-1: 0x244851211C8FBF1E765B53171B4A7470E94AB4EE
(not available)
10 [file and pathname of the sample #1] 8,030 bytes MD5: 0x7CD8E2FC5FE2DC351F24417CC1D23AFA
SHA-1: 0x1490EE2D05B8862D17BB87BC00F0F0CC21C5505F
Trojan.Gpcoder [PCTools]
Trojan.Gpcoder.F [Symantec]
Trojan-Ransom.Win32.Gpcode.ak [Kaspersky Lab]
GPcoder.i [McAfee]
Troj/Gpcode-D [Sophos]
Trojan:Win32/Gpcode.G [Microsoft]
Virus.Win32.Gpcode [Ikarus]
Win-Trojan/Gpcode.8030 [AhnLab]
11 %System%\[filename of the sample #1 without extension].vbs 360 bytes MD5: 0x4308559CE8BCBA2DD02BC0E265E6FBB7
SHA-1: 0xDE16A57290FDFFC3934A2275369C5F591F955B37
(not available)

Registry Modifications

Copyright © 2014 ThreatExpert. All rights reserved.