Videos

Check out our video library to see AppCheck defending against the newest ransomware, with automatic recovery and real-time backup.

  • Distribution Method : Unknown
 
  • MD5 : 234d17d8978717d33bf53015760878ea
 
  • Major Detection Name : PS/Ransom (AhnLab V3), Ransom.PS1.COLDLOCK.SMY (Trend Micro)
 
  • Encrypted File Pattern : .locked
 
  • Malicious File Creation Location :
     - C:\ProgramData\readme.tmp
     - C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\How To Unlock Files.txt
 
  • Payment Instruction File : How To Unlock Files.txt
 
  • Major Characteristics :
     - Offline Encryption
     - File encryption using Windows PowerShell (C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe)
