Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

  • Distribution Method : Unknown
 
  • MD5 : 7f230567b892074bceccd6f5fa8152ae
 
  • Major Detection Name : Gen:Variant.Ransom.CryptXXX.1 (BitDefender), Win32/Filecoder.CryptProjectXXX.H (ESET)
 
  • Encrypted File Pattern : <Original Filename>.<Original Extension>
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Local\Temp\README.BMP
     - C:\Users\%UserName%\AppData\Local\Temp\README.HTML
     - C:\Users\%UserName%\AppData\Local\Temp\README.TXT
     - C:\Users\%UserName%\AppData\Local\Temp\BBB.KEY
     - C:\Users\%UserName%\AppData\Local\Temp\PPP.KEY
     - C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\README.BMP
     - C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\README.html
     - C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\README.txt
 
  • Payment Instruction File : README.BMP / README.HTML / README.TXT
 
  • Major Characteristics :
     - Offline Encryption
     - CryptXXX Ransomware impostor
     - Changes desktop background (C:\Users\%UserName%\AppData\Local\Temp\README.BMP)

List

위로