Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

  • Distribution Method : Unknown
 
  • MD5 : e6c0a9b394c63e9ed5e8d4da1a72088c
 
  • Major Detection Name : Gen:Variant.Bulz.542186 (BitDefender), VHO:Trojan-PSW.Win32.Vidar.gen (Kaspersky)
 
  • Encrypted File Pattern : .zzla
 
  • Malicious File Creation Location :
     - C:\SystemID
     - C:\SystemID\PersonalID.txt
     - C:\Users\%UserName%\AppData\Local\<Random>-<Random>-<Random>-<Random>-<Random>
     - C:\Users\%UserName%\AppData\Local\<Random>-<Random>-<Random>-<Random>-<Random>\build2.exe
     - C:\Users\%UserName%\AppData\Local\<Random>-<Random>-<Random>-<Random>-<Random>\<Random>.exe
     - C:\Users\%UserName%\AppData\Local\bowsakkdestx.txt
     - C:\Windows\System32\Tasks\Time Trigger Task
 
  • Payment Instruction File : _readme.txt
 
  • Major Characteristics :
     - Offline Encryption
     - Reruns by adding "Time Trigger Task" in Task Scheduler to run "%LocalAppData%\<Random>-<Random>-<Random>-<Random>-<Random>\<Random>.exe --Task" for every 5 minutes.
     - Generates additional AZORult malware (Info stealer)

List

위로