Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


HugeMe Ransomware Support & Help Topic (.encrypted, DECRYPT_ReadMe.TXT.ReadMe)

  • Please log in to reply
4 replies to this topic

#1 cosmo15900


  • Members
  • 3 posts
  • Local time:04:48 PM

Posted 09 February 2017 - 02:55 PM

hey everyone. we were hit some time ago and just cannot find anything on our ransomware. When it hit it left a decrypt file and a program called Hugeme.exe.
the note is this.
All your files encrypted with strong encryption.
To unlock your files you must pay 1 bitcoin to address :
Search google for how to buy and send bitcoin.
After you send the bitcoin email to : 
use all email to communicate 
with the information of username and pcname and the time you send bitcoins.
When we will confirme the transaction you will receive decryption key and decryption program.
You have 5 days to make transaction after that your decryption key will be deleted.And your files gone forever.
the hugeme.exe file when scanned passed all antivirus and passed on virustotal website. When I hexedit the program you can tell its what is responsible for the encrypted files.
I tried the webiste 


and all results did not work with this. I am hoping someone out there has a clue or fix for this please.


Mod Edit

Link's deactivated


Edited by quietman7, 10 February 2017 - 04:10 PM.
Mod Edit

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,905 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:48 PM

Posted 09 February 2017 - 04:58 PM

Samples of any encrypted files, ransom notes or suspicious executable's (installer, malicious files, attachments) that you suspect were involved in causing the infection can be submitted here (https://www.bleepingcomputer.com/submit-malware.php?channel=168) with a link to this topic. There is a "Link to topic where this file was requested" box under the Browse... button. Doing that will be helpful with analyzing and investigating by our crypto experts.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Struppigel


    Karsten Hahn, G DATA Malware Analyst

  • Malware Response Team
  • 231 posts
  • Gender:Male
  • Local time:01:48 AM

Posted 10 February 2017 - 01:42 AM

I have downloaded your files, however, as you correctly noticed the HugeMe.exe is malware and other users might get infected by it. So please remove the download link. I will share your files with the others from the ransomware team to investigate.

PS: This HugeMe.exe is a HiddenTear/EDA2 variant.
Did you happen to edit the file while looking at it with a hex editor? The DOS Stub header was corrupt and I repaired the file. The repaired version had 39/56 detections four months ago on Virustotal and was uploaded the first time over a year ago:

Edited by Struppigel, 10 February 2017 - 03:06 AM.

#4 Amigo-A


  • Members
  • 607 posts
  • Gender:Male
  • Location:3st station from Sun
  • Local time:04:48 AM

Posted 10 February 2017 - 03:33 PM

HugeMe Ransomware: Description and Genealogy 

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Знаете русский язык? Пишите мне на русском. Помогу. 

#5 cosmo15900

  • Topic Starter

  • Members
  • 3 posts
  • Local time:04:48 PM

Posted 18 February 2017 - 10:43 PM

hey sorry for the late response. I do not beleve that the file was edited in the editor but the program i think failed to properly delete on when completed.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users