The latest Cryptowall 3.0 sample that we analyzed was in a zip file. It contains multiple dropper files which are essentially identical in functionality except for the encryption algorithm used to obfuscate the dropper. The dropper for this version of Cryptowalls has been streamlined. One new feature of the CryptoWall 30 is the use of a global MD5P network proxy and Url2P network. The malware acquires a lot of system information (like the computer name) and on the main processor.”]
Source: https://blog.talosintelligence.com/2015/02/cryptowall-30-back-to-basics.html