IMA Posted August 4, 2017 Report Share Posted August 4, 2017 Hi Everyone one many MENA companies got infected with this type of trojan ( filecoder.fp ) and called x3m if anyone here has decryption tool pls support - attache example but I just would like to highlight something I already cleared the %temp% folder so if there is any tool that could help in decryption pls share -<RECORD> <COLUMN NAME="Time">8/2/2017 8:49:15 AM</COLUMN> <COLUMN NAME="Scanner">Real-time file system protection</COLUMN> <COLUMN NAME="Object type">file</COLUMN> <COLUMN NAME="Object">E:\CAPEX\Engineering\KPI\### DECRYPT MY FILES ###.html</COLUMN> <COLUMN NAME="Threat">Win32/Filecoder.FP trojan</COLUMN> <COLUMN NAME="Action"/> <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Windows\System32\OpenWith.exe (2545605A4CB1F45782DB18A823488EFDB1D4E206).</COLUMN> <COLUMN NAME="Hash">80EB695D912F7976FBD09213488E15A757190A5B</COLUMN> <COLUMN NAME="First seen here">8/1/2017 11:54:11 PM</COLUMN> </RECORD> </LOG> Conversion Line issues.xlsx.id_538706706_[[email protected]].4se9s Link to comment Share on other sites More sharing options...
IMA Posted August 5, 2017 Author Report Share Posted August 5, 2017 Hello! I have attached ransomware message to us and here is the file which can do the same to ur computer https://goo.gl/RgXcPB Link to comment Share on other sites More sharing options...
GT500 Posted August 11, 2017 Report Share Posted August 11, 2017 It appears to be Cry36, which is not currently decryptable without sending money to the criminals that made it. Link to comment Share on other sites More sharing options...
Recommended Posts