It’s ransomware… It’s VIRLOCK
Craciun-etal-VB2015 Craciun-etal-VB2015
Anti-analysis tricks • Decrypt Execute Re-Encrypt 30.09.2015 www.bitdefender.com 24
Polymorphic engine • Basic reshape technique 30.09.2015 www.bitdefender.com 25
- Page 1 and 2: It’s a file infector… It’s ra
- Page 3 and 4: Background • Most malware on toda
- Page 5 and 6: Ransomwares and file infectors Scre
- Page 7 and 8: Ransomwares and file infectors •
- Page 9 and 10: Ransomwares and file infectors •
- Page 11 and 12: Introducing Virlock • Virlock - h
- Page 13 and 14: Introducing Virlock File infection
- Page 15 and 16: Malware installation • Setting up
- Page 17 and 18: Malware installation • Getting to
- Page 19 and 20: Account password brute-force • A
- Page 21 and 22: Anti-analysis tricks • Detecting
- Page 23: Anti-analysis tricks • Decrypt E
- Page 27 and 28: Different malware versions • Simi
- Page 29 and 30: Statistics • Spreading of Win32.V
- Page 31 and 32: Statistics • Areas with an increa
- Page 33: ? 30.09.2015 www.bitdefender.com 33
Anti-analysis tricks<br />
• Decrypt Execute Re-Encrypt<br />
30.09.2015 www.bitdefender.com 24