Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

  • Distribution Method : Unknown
 
  • MD5 : e0340f456f76993fc047bc715dfdae6a
 
  • Major Detection Name : Trojan.Win32.KillMBR.gfd (Kaspersky), Ransom:Win32/Genasom (Microsoft)
 
  • Encrypted File Pattern : .locked
 
  • Malicious File Creation Location :
         - C:\Users\%UserName%\<8 Digits Random Number>\assembler.exe
         - C:\Users\%UserName%\<8 Digits Random Number>\boot.asm
         - C:\Users\%UserName%\<8 Digits Random Number>\boot.bin
         - C:\Users\%UserName%\<8 Digits Random Number>\main.exe
         - C:\Users\%UserName%\<8 Digits Random Number>\overwrite.exe
         - C:\Users\%UserName%\<8 Digits Random Number>\protect.exe
 
  • Major Characteristics :
         - Offline Encryption
         - GoldenEye / Mischa / NotPetya / PetrWrap Ransomware series
         - AutoIt scripts based Ransomware
         - Modifying the MBR + File Encryption
         - Disable Task Manager (Taskmgr.exe) and Process Hacker (ProcessHacker.exe)

List

위로