Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

  • Distribution Method : "Super SOFTWARE v1.0.0.0" Program impersonation
 
  • MD5 : 05f739175292182d9595c496231a98b7
 
  • Major Detection Name : Ransom:Win32/Fortrypt.A (Microsoft), Ransom.Crysis (Norton)
 
  • Encrypted File Pattern : .frtrss
 
  • Malicious File Creation Location :
         - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\READ IF YOU WANT YOUR FILES BACK(1).html
         - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\READ IF YOU WANT YOUR FILES BACK.html
         - C:\Users\%UserName%\AppData\Local\Temp\7z<Random>.tmp\setup.exe
         - C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\READ IF YOU WANT YOUR FILES BACK.html
 
  • Payment Instruction File : READ IF YOU WANT YOUR FILES BACK.html
 
  • Major Characteristics : Offline Encryption, Does not modify the date of the encrypted file

List

위로