
Winnix Cryptor (.wnx, Your Files are Encrypted!.txt) Support Topic


10 replies to this topic

#1 Sando_r


Posted 22 December 2016 - 06:28 AM

Hello,
 
I've got a few logs and crypted files from a victim: https://www.sendspace.com/delete/xols2f/466bf138dc113549e0372e005ddd2a96
 
Perhaps it'll help to analyse and create a tool to decrypt. There has been no fix so far.
 
Thank you


#2 quietman7


Posted 22 December 2016 - 06:32 AM

You should submit samples of encrypted files and ransom notes to ID Ransomware.

Samples of any encrypted files, ransom notes or suspicious executables (installer, malicious files, attachments) that you suspect were involved in causing the infection can be submitted here (https://www.bleepingcomputer.com/submit-malware.php?channel=168) with a link to this topic. There is a "Link to topic where this file was requested" box under the Browse... button. Doing that will be helpful with analyzing and investigating by our crypto malware experts.
Microsoft MVP Consumer Security 2007-2015
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 Sando_r


Posted 22 December 2016 - 06:52 AM

You should submit samples of encrypted files and ransom notes to ID Ransomware.

I did it already

Identified by

sample_extension: .wnx
Not enough information is public about Winnix Cryptor. Please check back later.


Sorry, I also submitted to the mentioned link.

can be submitted here (https://www.bleepingcomputer.com/submit-malware.php?channel=168) with a link to this topic.



#4 quietman7


Posted 22 December 2016 - 07:03 AM

Ok then. Be patient and give our crypto malware experts time to analyze everything.

#5 mike 1


Posted 23 December 2016 - 10:16 AM

Description: http://safezone.cc/threads/winnix-cryptor-ransomware.28769


Edited by mike 1, 23 December 2016 - 05:03 PM.

I eat mice

My processor AMD Athlon™ X4 860K, 4 cores


#6 al1963


Posted 23 December 2016 - 04:26 PM

@mike_1,

Please add the source of one of the bat files.

I wonder what key is used to encrypt user files.

It is possible that a key pair is not created on the user's side, and that a pair created on the attackers' side is used.



#7 mike 1


Posted 23 December 2016 - 04:59 PM

@mike_1,

Please add the source of one of the bat files.

I wonder what key is used to encrypt user files.

It is possible that a key pair is not created on the user's side, and that a pair created on the attackers' side is used.

https://www.hybrid-analysis.com/sample/82417d563126b9ddd5d4679d31c9aa8d004a612630899d87c918fbde299e4607




#8 quietman7


Posted 24 December 2016 - 12:55 PM

#Ransomware Hunt: "Winnix Cryptor Team", ext. ".wnx" note "YOUR FILES ARE ENCRYPTED!.txt"

It's been added to ID Ransomware.

#9 Amigo-A


Posted 25 December 2016 - 03:16 AM

https://www.hybrid-analysis.com/sample/82417d563126b9ddd5d4679d31c9aa8d004a612630899d87c918fbde299e4607

 

The link does not work. / It does not show the analysis.


Need info about Crypto-Ransomware? A huge safe base here!

Digest about Crypto-Ransomwares (In Russian) + Google Translate Technology

Anti-Ransomware Project  (In Russian) + Google Translate Technology and links


#10 Amigo-A


Posted 25 December 2016 - 03:18 AM

Maybe it is this?
 

Edited by Amigo-A, 25 December 2016 - 03:20 AM.



#11 mike 1

mike 1

  • Members
  • 195 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Russia, Moscow
  • Local time:02:05 AM

Posted 25 December 2016 - 03:49 AM

Yes. Check PM. 






