Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

  • Distribution Method : Unknown
 
  • MD5 : 872a077fa50f25cde12bc4ac1ca15a6a
 
  • Major Detection Name : Win32.Trojan-Ransom.HkCrypt.A (GData), Ransom-Hacked!872A077FA50F (McAfee)
 
  • Encrypted File Pattern : .hacked
 
  • Malicious File Creation Location :
         - C:\Users\%UserName%\AppData\Roaming\<Random>\<Random>.exe
         - C:\Users\%UserName%\AppData\Roaming\<Random>\<Random>.INI
         - C:\Users\%UserName%\Desktop\<Random>.lnk
 
  • Payment Instruction File : @Leggimi_decrypt_Italian.txt / @readme_English.txt / @Readme_Spanish.txt / @Readme_turkish.txt / How_to_decrypt_files.txt
 
  • Major Characteristics :
         - Offline Encryption
         - Change the default values of the registry entry "HKEY_CLASSES_ROOT\mscfile\shell\open\command" and a ransomware execution using Event Viewer (eventvwr.exe)
         - Automatically executed every 10 minutes through the Task Scheduler entry (Microsoftfix)
         - Create a fake Windows Updates message
         - The English, Italian, Spanish and Turkish users targeted
         - Changes desktop background (hacked.jpg)

List

위로