Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

  • Distribution Method : Unknown
 
  • MD5 : 1c40b77a10b8c061d7745d41a6ffe961
 
  • Major Detection Name : TR/FileCoder.cxwem (Avira), Ransom.Wannacash (Malwarebytes)
 
  • Encrypted File Pattern : файл зашифрован (<Original Filename>.<Original Extension>) .wannacash
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Local\Temp\как расшифровать файлы.txt
     - C:\Users\%UserName%\AppData\Local\Temp\keys.txt
     - C:\Users\%UserName%\AppData\Local\Temp\Public.key
     - C:\Users\%UserName%\AppData\Local\Temp\run.bat
 
  • Payment Instruction File : как расшифровать файлы.txt
 
  • Major Characteristics :
     - Offline Encryption
     - The Russian users are targeted.
     - Automatically reboot Windows after file encryption is complete (shutdown -r -f -t 0)

List

위로