Thursday, 20 January 2011

Trojan.Ransom (HomoBlocker)



This trojan blocker ( MD5: 63b88fbf4c61bf50fea5cff746c9bad2 ) prevents all software execution.
To remove the Trojan (and unlock windows), infected users need to enter a valid serial number.
This sample was detected at 10h 30m GMT+1


Number to Call: 9055228378
Number to Call: 9671979556
Number to Call: 9647263435
Number to Call: 9647263634
Number to Call: 9653919160
Number to Call: 9647235212
Number to Call: 9653919221
Number to Call: 9652857791
Number to Call: 9671979717
Number to Call: 9647263667
Number to Call: 9636256561
Number to Call: 9652750771
Number to Call: 9629460035
Number to Call: 9671979554
Number to Call: 9671979550
Number to Call: 9645213945
Number to Call: 9645214036
Number to Call: 9653985797
Code to unlock Windows: NOGLUES


HomoBlocker is a variant of pornoplayer
HomoBlocker was already analyzed on the past: here (15 Jan 2k11) ~ here (16 Jan 2k11) ~ here (18 Jan 2k11)

No comments:

Post a Comment