Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

  • Distribution Method : Remote access through Remote Desktop Protocol(RDP) or Terminal Services
 
  • MD5 : 99a3d049f11474fac6844447ac2da430
 
  • Major Detection Name : HEUR:Trojan.Win32.AntiAV (Kaspersky), Ransom:Win32/Genasom (Microsoft)
 
  • Encrypted File Pattern : <Random> ID <Random>.1btc
 
  • Malicious File Creation Location :
         - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Restore Files.TxT
         - C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Restore Files.TxT
         - C:\Windows\wwvcm.exe
 
  • Payment Instruction File : Restore Files.TxT
 
  • Major Characteristics :
         - Offline Encryption
         - DXXD Ransomware series
         - Encryption starts after killing all process except listed in whitelist processes
         - Disable system restore (vssadmin delete shadows /all)
         - Display a ransomware message on the Windows logon screen

List

위로