Class: Trojan-Ransom
This type of Trojan modifies data on the victim computer so that the victim can no longer use the data, or it prevents the computer from running correctly. Once the data has been “taken hostage” (blocked or encrypted), the user will receive a ransom demand. The ransom demand tells the victim to send the malicious user money; on receipt of this, the cyber criminal will send a program to the victim to restore the data or restore the computer’s performance.Read more
Platform: Win32
Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.Family: Gen
No family descriptionExamples
A3D3FEC3086950318A9E39099DF686173073B43A96C492789B94CB89A115CAD8
7904FB2F02238C0D6BB2829025AE10E8
F99AC4D866A6D88B97CC98F2345930F1
C3C3B7298B0948A55D61FB9165C75C3A
Tactics and Techniques: Mitre*
Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager (services.exe) is an interface to manage and manipulate services. The service control manager is accessible to users via GUI components as well as system utilities such as sc.exe and Net.
Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager (services.exe) is an interface to manage and manipulate services. The service control manager is accessible to users via GUI components as well as system utilities such as sc.exe and Net.
* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.