ProLock Ransomware Sample Download

Posted Under: Download Free Malware Samples , Malware, Ransomware, Windows on Mar 24, 2020
A new ransomware called PwndLocker appeared in early March , targeting corporate networks, but after a short time Emsisoft researchers Michael Gillespie and Fabian Wosar identified a bug that allowed them to create a decryptor to recover the files without paying the ransom.

In the following weeks, the ransomware changed to ProLock Ransomware. According to what was discovered by the researcher Sophos PeterM , the new version is conveyed through a BMP image called WinMgr.bmp . The ransomware executable is embedded in the image. The BMP file is displayed correctly but it also contains binary data which are subsequently reassembled by a PowerShell script which injects them directly into memory. The ransomware encrypts the files on the device by adding the .proLock extension

In each folder that has been scanned, ProLock will create a ransom note called [How to recover files] .txt containing instructions and payment information.

ProLock Ransomware Signatures

MD5: c579341f86f7e962719c7113943bb6e4
SHA256: a6ded68af5a6e5cc8c1adee029347ec72da3b10a439d98f79f4b15801abd7af0

ProLock Ransomware Download

Download ProLock Ransomware Sample