psychic-robot

Windows Virus who destroy some importants files on C:\windows\system32\

Signatures of psychic-robot.PY (python file) :

• Bkav Pro : ASP.Webshell

Signatures of psychic-robot.EXE (executable) :

• Antiy-AVL : Trojan/Generic.ASMalwS.34D0C6E

• Avast : Win32:Trojan-gen

• AVG : Win32:Trojan-gen

• Bkav Pro : W32.AIDetect.malware2

• Cylance : Unsafe

• eGambit : Unsafe.AI_Score_98%

• Gridinsoft : Ransom.Win32.Sabsik.oa!s1

• Jiangmin : Trojan.PSW.Disco.ccw

• Lionic : Trojan.Win32.Generic.4!c

• McAfee : GenericRXAA-FA!88F91C350BDD

• McAfee-GW-Edition : BehavesLike.Win32.Generic.tc

• Microsoft : Trojan:Win32/Sabsik.FL.B!ml

• SecureAge APEX : Malicious

• Sophos : Mal/Generic-S

• Symantec : ML.Attribute.HighConfidence

• Zillya : Trojan.Agent.Win32.2557541

Details :

• This is not a ransomware
• **it's recognized as ransomware because he is using the XOR method ;) **
• For educationnal purposes
• OpenSource
• ⚠️ DO NOT INFECT THE OTHER'S PC ⚠️
• ⚠️ DO NOT USE FOR ILLEGAL PURPOSES ⚠️

Optionnal Infos :

D5 : 68b79c1954bbe82e6627f41407f97f5a

SHA-1 : 9b272086f6a609d2bf17a7bef2d80c2fca8baaac

SHA-256 : 7f210102cc5f02b7679405a16635000e45c7e37709fb540a60af82baaec42084

SSDEEP : 192:adPdTdndBddd9dxdTdndtd5dRdNd+dJdc:adPdTdndBddd9dxdTdndtd5dRdNd+dJi

TLSH : T15F02D140EA584272027A59ED04F38D62B2A1F027BF16D751378D719C9F385EE4E3B6E2

File type : Python

Magic ASCII Python program text, with CRLF line terminators

File size : 8.08 KB (8274 bytes)

VirusTotal : https://www.virustotal.com/gui/file/0525cc2d4079a9a3bc413f552a4125d32f030bf2eeeaa8df559c901537712e39