TeslaCrypt 2.0 Code

J

JM Safe

Level 39
Thread author
Verified
Top Poster
Apr 12, 2015
2,882
19,912
3,798
Europe
LINK: http://www.infosecdailynews.com/teslacrypt-2-0-disguised-as-cryptowall/

Hi everyone, in this thread I want to post part of code of this dangerous ransomware.

Key data saved in system:

tesla_crypt_en_5.png


And this should be the same code in C language:

tesla_crypt_en_6.png


Infected system:

tesla_crypt_en_7.png


File encryption:

tesla_crypt_en_8.png


And this should be the same code in C language

tesla_crypt_en_9.png


Evading detection:

tesla_crypt_en_10.png


C&C communication:

tesla_crypt_en_11.png


 
Last edited:
  • Like
Reactions: WinXPert, Oxygen, LabZero and 2 others
Jo Man said:
Hi everyone, in this thread I want to post part of code of this dangerous ransomware.

Key data saved in system:

tesla_crypt_en_5.png


And this should be the same code in C language:

tesla_crypt_en_6.png


Infected system:

tesla_crypt_en_7.png


File encryption:

tesla_crypt_en_8.png


And this should be the same code in C language

tesla_crypt_en_9.png


Evading detection:

tesla_crypt_en_10.png


C&C communication:

tesla_crypt_en_11.png
Click to expand...
Can you add source ? :)
 
  • Like
Reactions: JM Safe
Salutations,

Are there any AV's solutations, that stop this headcahe?
And clean TeslaCrypt 2.0 Code off of your PC?

What about Cryptoprevent,Sandboxie, Shadow Defender and Toolwiz Time Free.
Can they stop the above?

Kind regards,
 
Last edited:
You plagiarized the whole thing from Kaspersky, you should at least link to the original article here: https://securelist.com/blog/research/71371/teslacrypt-2-0-disguised-as-cryptowall/
as @Enju has mentioned and not this
Jo Man said:
LINK: http://www.infosecdailynews.com/teslacrypt-2-0-disguised-as-cryptowall/
Click to expand...
which itself was not even present when you first posted. I don't want to speculate why you do not want to link directly to the original source even though Enju has mentioned "Kaspersky", but instead choose to update your post with a source that reposted from Kaspersky. I think it will do the original author more justice if you link directly to his article.
 
Cch123 said:
You plagiarized the whole thing from Kaspersky, you should at least link to the original article here: https://securelist.com/blog/research/71371/teslacrypt-2-0-disguised-as-cryptowall/
as @Enju has mentioned and not this

which itself was not even present when you first posted. I don't want to speculate why you do not want to link directly to the original source even though Enju has mentioned "Kaspersky", but instead choose to update your post with a source that reposted from Kaspersky. I think it will do the original author more justice if you link directly to his article.
Click to expand...
Your comment is useful LOL :P
With regards, Jo Man
 
  • Like
Reactions: LabZero
Moose said:
Salutations,

Are there any AV's solutations, that stop this headcahe?
And clean TeslaCrypt 2.0 Code off of your PC?

What about Cryptoprevent,Sandboxie, Shadow Defender and Toolwiz Time Free.
Can they stop the above?

Kind regards,
Click to expand...
Wow a lot of questions :D
Anyway the most advanced AVs can block TeslaCrypt 2.0, as the version 2.0 is less
easy to detect then the first version of the malware.
To ask your last question in my opinion is difficult to say if these programs can block completely the malware, I hope yes, but I'm not sure.
Anyway sometimes ago I watched a video that showed these type of software can block the virus, because it is isolated from the real system.
Regards,

Jo Man
 
Last edited:
  • Like
Reactions: Moose and LabZero
You must log in or register to reply here.

You may also like...