Nuclear Exploit Kit (EK), cracked software, or malicious torrents File encryption (Ransomware) or theft of crypto-wallet data Detection High malicious score (100/100) in automated analysis Threat Roundup for August 12 to August 19
: It often serves as a Trojan Downloader —a malicious program designed to bypass security, establish a foothold, and then pull more damaging payloads onto the system. Technical Characteristics Soft.exe
: It has been documented as a downloader for Locky ransomware and has appeared in campaigns involving the RagnarLocker threat group. Nuclear Exploit Kit (EK), cracked software, or malicious
: It is known to inject malicious code into legitimate Windows processes like svchost.exe to operate stealthily in memory. : The malware frequently uses CryptOne packing to
: The malware frequently uses CryptOne packing to hide its code and implements stalling techniques (like calling Sleep functions) to wait out sandbox analysis.
: In more recent activity, a related variant named ViperSoftX has been found disguised as cracked software to steal cryptocurrency and system information.