Videos
Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.
- Distribution Method : Download file by user
- MD5 : f068e831829b32f906cff905b325f825
- Encrypted File Pattern : .<5~10-Digit Random Extension>
- Malicious File Creation Location : C:\Users\%UserName%\<Random>.exe
- Payment Instruction File : <Encryption Extension>-DECRYPT.txt
- Major Characteristics :
- Offline Encryption
- Includes removal of antivirus (AhnLab V3, avast! Antivirus) and stop the Windows Defender service using javascript.
- Block processes execution (dbsnmp.exe, msftesql.exe, oracle.exe, sqlagent.exe, sqlbrowser.exe, sqlwriter.exe etc.)
- Disable system restore (wmic.exe shadowcopy delete)
- Changes desktop background (C:\Users\%UserName%\AppData\Local\Temp\pidor.bmp)