- Distribution Method : Unknown
- MD5 : 9fda38454048a826257cd2e8f86248fc
- Major Detection Name : Ransomware-HBP!9FDA38454048 (McAfee), Ransom:Win32/DelShad (Microsoft)
- Encrypted File Pattern : .ReadManual.9E2F3FE8
- Malicious File Creation Location : C:\Users\%UserName%\Desktop\RecoveryManual.html
- Payment Instruction File : RecoveryManual.html
- Major Characteristics :
  - Offline Encryption
  - File encryption using system file "C:\Windows\system32\rundll32.exe" or "C:\Windows\system32\regsvr32.exe"
  - Terminate multiple running processes.
  - Disable system restore (vssadmin.exe delete shadows /all /Quiet)
  - Change the icon of encrypted files (.ReadManual.9E2F3FE8) and display the ransom note when the user opens one (HKEY_CLASSES_ROOT\.9E2F3FE8\shell\Open\command\(Default)=explorer.exe RecoveryManual.html).