Win32[.]HelloKittyRansomware[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

Win32.HelloKittyRansomware.7z
Size

728KB
MD5

7417a04acf1b90b14217922aa3789728
SHA1

267082934a3c462661b7f173e75247aba6243f87
SHA256

bb4a796dbe5c54ea9b5983652aedf7ca06536c34295ae796635ca0a0497019a9
SHA512

845d16e74e895a527b07ddf9cd8cbe247edcd2ffb900ae3c39717dc9681493eaa6d69af00331d095206c6269a79ac9d26e76d44653c64705110af53002b8362d
SSDEEP

12288:Nb0XU4FPjnfO8nFfT88OjpbELJJunyz/YLEEmA6UvF4Eup2qHcTq58zA9pYXVN38:yX9nB4rpMnQ9mrUvFSkq7YFN3WygVJZj

Score

4^/10

pdf link

Malware Config

Signatures

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

resource	yara_rule
static1/unpack001/Win32.HelloKittyRansomware/NTRUEncrypt/doc/UserNotes-NTRUEncrypt.pdf	pdf_with_link_action

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Files

Win32.HelloKittyRansomware.7z
.7z

Password: infected
Win32.HelloKittyRansomware/.gitignore
Win32.HelloKittyRansomware/Innocent.sln
Win32.HelloKittyRansomware/Innocent/Base64.cpp
Win32.HelloKittyRansomware/Innocent/Base64.h
Win32.HelloKittyRansomware/Innocent/Encryptor.cpp
Win32.HelloKittyRansomware/Innocent/Innocent.vcxproj
.xml
Win32.HelloKittyRansomware/Innocent/Innocent.vcxproj.filters
Win32.HelloKittyRansomware/Innocent/Innocent.vcxproj.user
Win32.HelloKittyRansomware/Innocent/aesMbedTls.hpp
Win32.HelloKittyRansomware/Innocent/config.h
Win32.HelloKittyRansomware/Innocent/ntru.hpp
Win32.HelloKittyRansomware/Innocent/randomMbedTls.hpp
Win32.HelloKittyRansomware/NTRUEncrypt/AUTHORS
Win32.HelloKittyRansomware/NTRUEncrypt/CC0-Legal
Win32.HelloKittyRansomware/NTRUEncrypt/ChangeLog
Win32.HelloKittyRansomware/NTRUEncrypt/INSTALL
Win32.HelloKittyRansomware/NTRUEncrypt/LICENSE
Win32.HelloKittyRansomware/NTRUEncrypt/Makefile.am
Win32.HelloKittyRansomware/NTRUEncrypt/PATENTS
Win32.HelloKittyRansomware/NTRUEncrypt/README
Win32.HelloKittyRansomware/NTRUEncrypt/autogen.sh
Win32.HelloKittyRansomware/NTRUEncrypt/configure.ac
Win32.HelloKittyRansomware/NTRUEncrypt/doc/UserNotes-NTRUEncrypt.pdf
.pdf
- http://technet.microsoft.com/en-us/library/cc751157.aspx
Win32.HelloKittyRansomware/NTRUEncrypt/driver_test/Makefile.old
Win32.HelloKittyRansomware/NTRUEncrypt/driver_test/__ntruEncrypt.c
Win32.HelloKittyRansomware/NTRUEncrypt/include/ntru_crypto.h
Win32.HelloKittyRansomware/NTRUEncrypt/include/ntru_crypto_drbg.h
Win32.HelloKittyRansomware/NTRUEncrypt/include/ntru_crypto_error.h
Win32.HelloKittyRansomware/NTRUEncrypt/include/ntru_crypto_platform.h
Win32.HelloKittyRansomware/NTRUEncrypt/libntruencrypt.sym
Win32.HelloKittyRansomware/NTRUEncrypt/sample/sample_NTRUEncrypt.c
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_drbg.c
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_hash.c
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_hash.h
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_hash_basics.h
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_hmac.c
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_hmac.h
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_msbyte_uint32.c
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_msbyte_uint32.h
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_ntru_convert.c
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_ntru_convert.h
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_ntru_encrypt.c
.js
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_ntru_encrypt_key.c
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_ntru_encrypt_key.h
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_ntru_encrypt_param_sets.c
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_ntru_encrypt_param_sets.h
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_ntru_mgf1.c
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_ntru_mgf1.h
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_ntru_mult_coeffs_karat.c
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_ntru_mult_coeffs_simd.c
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_ntru_mult_indices.c
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_ntru_mult_indices_32.c
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_ntru_mult_indices_64.c
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_ntru_mult_indices_simd.c
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_ntru_poly.c
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_ntru_poly.h
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_sha.h
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_sha1.c
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_sha1.h
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_sha2.c
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_sha2.h
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_sha256.c
Win32.HelloKittyRansomware/NTRUEncrypt/src/ntru_crypto_sha256.h
Win32.HelloKittyRansomware/NTRUEncrypt/test/bench.c
Win32.HelloKittyRansomware/NTRUEncrypt/test/check_common.c
Win32.HelloKittyRansomware/NTRUEncrypt/test/check_common.h
Win32.HelloKittyRansomware/NTRUEncrypt/test/check_internal.c
Win32.HelloKittyRansomware/NTRUEncrypt/test/check_internal_key.c
Win32.HelloKittyRansomware/NTRUEncrypt/test/check_internal_mgf.c
Win32.HelloKittyRansomware/NTRUEncrypt/test/check_internal_poly.c
Win32.HelloKittyRansomware/NTRUEncrypt/test/check_internal_sha.c
Win32.HelloKittyRansomware/NTRUEncrypt/test/check_public.c
Win32.HelloKittyRansomware/NTRUEncrypt/test/sanity.c
Win32.HelloKittyRansomware/NTRUEncrypt/test/test_common.c
Win32.HelloKittyRansomware/NTRUEncrypt/test/test_common.h
Win32.HelloKittyRansomware/NTRUEncrypt/vs2012/NtruBuild.sln
Win32.HelloKittyRansomware/NTRUEncrypt/vs2012/NtruEncrypt_DLL.vcxproj
Win32.HelloKittyRansomware/NTRUEncrypt/vs2012/Sample_NTRUEncrypt.vcxproj
Win32.HelloKittyRansomware/crc32/crc32.cpp
Win32.HelloKittyRansomware/crc32/crc32.h
Win32.HelloKittyRansomware/decoder/Decryptor.cpp
Win32.HelloKittyRansomware/decoder/decoder.vcxproj
.xml
Win32.HelloKittyRansomware/decoder/decoder.vcxproj.filters
Win32.HelloKittyRansomware/decoder/decoder.vcxproj.user
Win32.HelloKittyRansomware/enc-struct.h
Win32.HelloKittyRansomware/new-private-ntru-key-debug.h
Win32.HelloKittyRansomware/new-private-ntru-key-release.h
Win32.HelloKittyRansomware/new-public-ntru-key-debug.h
Win32.HelloKittyRansomware/new-public-ntru-key-release.h
Win32.HelloKittyRansomware/ntru256gen/Keygen.cpp
Win32.HelloKittyRansomware/ntru256gen/ntru256gen.vcxproj
.xml
Win32.HelloKittyRansomware/ntru256gen/ntru256gen.vcxproj.filters
Win32.HelloKittyRansomware/ntru256gen/ntru256gen.vcxproj.user
Win32.HelloKittyRansomware/processnames.h
Win32.HelloKittyRansomware/random.h
Win32.HelloKittyRansomware/sha256/sha256.cpp
Win32.HelloKittyRansomware/sha256/sha256.h

Sharing

General

Malware Config

Signatures

Files

Password: infected