- Distribution Method : Downloaded as a file from a crack site (software-cracking site)
- MD5 : 9e5c89c84cdbf460fc6857c4e32dafdf
- Major Detection Name : Win32/Filecoder.Exorcist.B (ESET), Ransom:Win32/DelShad (Microsoft)
- Encrypted File Pattern : .<6-Digit Random Extension>
- Payment Instruction File : DECRYPT-<Encryption Extension>-decrypt.hta
- Major Characteristics :
  - Offline encryption (files are encrypted without any connection to a C2 server)
  - Disables system recovery: deletes volume shadow copies and system state backups and turns off Windows recovery options (vssadmin Delete Shadows /All /Quiet, bcdedit /set {default} recoveryenabled No, bcdedit /set {default} bootstatuspolicy ignoreallfailures, wbadmin DELETE SYSTEMSTATEBACKUP, wbadmin DELETE SYSTEMSTATEBACKUP -deleteOldest, wmic SHADOWCOPY /nointeractive)
  - Clears Windows event logs to hinder forensics (wevtutil cl application, wevtutil cl security, wevtutil cl system)
  - Changes the desktop background to a dropped image (C:\Users\%UserName%\AppData\Local\Temp\<Random>.bmp)
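The recovery-inhibition and log-clearing commands above are a compact detection opportunity: they are rarely run by legitimate software, and almost never all of them from one parent process within seconds. The script below is an added example (not part of the original analysis) that scans process-creation records for those command lines and flags any parent process that triggers several distinct indicator classes. The log format (`timestamp|host|parent_image|command_line`) and the sample lines are constructed for the example; map the parser to your own telemetry (Windows Security 4688 with command-line auditing, or Sysmon Event ID 1).

```python
import re

# Regexes for the command lines listed in the characteristics above.
# Each entry is (label, pattern); matching is case-insensitive because
# the samples mix cases (e.g. "DELETE SYSTEMSTATEBACKUP", "recoveryenabled No").
INDICATORS = [
    ("vssadmin_delete_shadows",
     re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("wmic_shadowcopy",
     re.compile(r"\bwmic(?:\.exe)?\b.*\bshadowcopy\b", re.I)),
    ("bcdedit_recovery_disabled",
     re.compile(r"\bbcdedit(?:\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
    ("bcdedit_ignore_boot_failures",
     re.compile(r"\bbcdedit(?:\.exe)?\b.*\bbootstatuspolicy\s+ignoreallfailures\b", re.I)),
    ("wbadmin_delete_systemstate",
     re.compile(r"\bwbadmin(?:\.exe)?\b.*\bdelete\s+systemstatebackup\b", re.I)),
    ("wevtutil_clear_log",
     re.compile(r"\bwevtutil(?:\.exe)?\b\s+cl\b", re.I)),
]

# Constructed sample telemetry (hypothetical host names and parent image):
# timestamp|host|parent_image|command_line. The WS01 lines replay the
# sequence from the analysis; WS02/WS03 are benign look-alikes.
SAMPLE_LOG = """\
2024-05-01T10:00:01|WS01|C:\\Users\\user\\Downloads\\setup_crack.exe|vssadmin Delete Shadows /All /Quiet
2024-05-01T10:00:01|WS01|C:\\Users\\user\\Downloads\\setup_crack.exe|bcdedit /set {default} recoveryenabled No
2024-05-01T10:00:02|WS01|C:\\Users\\user\\Downloads\\setup_crack.exe|bcdedit /set {default} bootstatuspolicy ignoreallfailures
2024-05-01T10:00:02|WS01|C:\\Users\\user\\Downloads\\setup_crack.exe|wbadmin DELETE SYSTEMSTATEBACKUP
2024-05-01T10:00:02|WS01|C:\\Users\\user\\Downloads\\setup_crack.exe|wbadmin DELETE SYSTEMSTATEBACKUP -deleteOldest
2024-05-01T10:00:03|WS01|C:\\Users\\user\\Downloads\\setup_crack.exe|wmic SHADOWCOPY /nointeractive
2024-05-01T10:00:03|WS01|C:\\Users\\user\\Downloads\\setup_crack.exe|wevtutil cl security
2024-05-01T10:00:03|WS01|C:\\Users\\user\\Downloads\\setup_crack.exe|wevtutil cl system
2024-05-01T10:00:03|WS01|C:\\Users\\user\\Downloads\\setup_crack.exe|wevtutil cl application
2024-05-01T11:15:00|WS02|C:\\Windows\\System32\\cmd.exe|vssadmin list shadows
2024-05-01T11:16:00|WS02|C:\\Windows\\System32\\cmd.exe|wevtutil qe System /c:5
2024-05-01T12:00:00|WS03|C:\\Windows\\explorer.exe|C:\\Program Files\\Notepad++\\notepad++.exe
"""


def parse_line(line):
    """Split one pipe-delimited record into its fields (command line may contain '|')."""
    ts, host, parent, cmd = line.split("|", 3)
    return {"ts": ts, "host": host, "parent": parent, "cmd": cmd}


def match_indicators(cmd):
    """Return the labels of every indicator pattern that matches this command line."""
    return [label for label, rx in INDICATORS if rx.search(cmd)]


def scan(log_text, threshold=3):
    """Scan records; return (events, suspects).

    events   - list of (host, parent, cmd, [labels]) for each matching record
    suspects - {(host, parent): sorted distinct labels} for parents that hit
               at least `threshold` distinct indicator classes
    """
    events = []
    per_parent = {}
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        hits = match_indicators(ev["cmd"])
        if hits:
            key = (ev["host"], ev["parent"])
            events.append((ev["host"], ev["parent"], ev["cmd"], hits))
            per_parent.setdefault(key, set()).update(hits)
    suspects = {k: sorted(v) for k, v in per_parent.items() if len(v) >= threshold}
    return events, suspects


if __name__ == "__main__":
    events, suspects = scan(SAMPLE_LOG)
    for host, parent, cmd, hits in events:
        print(f"[{host}] {parent} -> {cmd}  ({', '.join(hits)})")
    for (host, parent), labels in suspects.items():
        print(f"SUSPECT {host} {parent}: {len(labels)} indicator classes: {labels}")
```

The per-parent threshold is the useful part: a single `vssadmin Delete Shadows` can be a backup agent or an administrator, but one parent that deletes shadow copies, disables recovery, wipes system state backups and clears the Security log is a ransomware precursor chain and merits an immediate isolate-and-triage response. Matching on `delete shadows` rather than on `vssadmin` alone keeps read-only commands such as `vssadmin list shadows` out of the alert.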