Sign in to follow this  
IMA

X3m Ransomware Win32/Filecoder.FP trojan

Recommended Posts

Hi Everyone one 

 

many MENA companies got infected with this type of trojan ( filecoder.fp ) and called x3m if anyone here has decryption tool pls support - attache example 

but I just would like to highlight something I already cleared the %temp% folder so if there is any tool that could help in decryption pls share

 

-<RECORD>

<COLUMN NAME="Time">8/2/2017 8:49:15 AM</COLUMN>

<COLUMN NAME="Scanner">Real-time file system protection</COLUMN>

<COLUMN NAME="Object type">file</COLUMN>

<COLUMN NAME="Object">E:\CAPEX\Engineering\KPI\### DECRYPT MY FILES ###.html</COLUMN>

<COLUMN NAME="Threat">Win32/Filecoder.FP trojan</COLUMN>

<COLUMN NAME="Action"/>

<COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Windows\System32\OpenWith.exe (2545605A4CB1F45782DB18A823488EFDB1D4E206).</COLUMN>

<COLUMN NAME="Hash">80EB695D912F7976FBD09213488E15A757190A5B</COLUMN>

<COLUMN NAME="First seen here">8/1/2017 11:54:11 PM</COLUMN>

</RECORD>

</LOG>

 

Conversion Line issues.xlsx.id_538706706_[[email protected]].4se9s

Share this post


Link to post
Share on other sites

It appears to be Cry36, which is not currently decryptable without sending money to the criminals that made it.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.