yan1AVKiller
Ransomware component with AV killing capability. net stop WinDefend + taskkill /f /im wrsa* disables Windows Defender and Webroot. Crypto++ library AES/Rijndael+SHA encryption. Drive enumeration (GetLogicalDriveStringsA). File timestomping (SetFileTime). Two developer PDB paths: user111 (wifi/project) and user cake (project-main/cryptopp-master).
Threat Profile
Type: Ransomware
Programming Language: C++/Crypto++
C2 Protocol: N/A
First Seen: 2025
Targets: Global/Corporate
Purpose / Capabilities:
- File Encryption / AV-Kill / Ransomware
No C2 servers have been identified for this family yet.
Research Reports (1)
yan1AVKiller d11793433 -- net stop WinDefend, taskkill wrsa (Webroot AV Kill), Crypto++ AES Rijndael Ransomware Encryption, Drive Enumeration, Timestomping, 2 PDB Developers | Critical
yan1 d11793433: console PE32 x86, 408 KB. net stop WinDefend + taskkill wrsa* (Webroot kill). Crypto++ AES Rijndael encryption. Drive enumeration + timestomping. Two PDBs (user111 + cake).