Videos

Check out our video libray AppCheck defending aginst newest ransomware

GlobeImposter Ransomware (..doc)

  • Distribution Method : Mail attachment (.vbs)
 
  • MD5 : c99e32fb49a2671a6136535c6537c4d7
 
  • Major Detection Name : Win32.Trojan-Ransom.GlobeImposter.T55VWB (GData), Trojan-Ransom.Win32.Purgen.acd (Kaspersky)
 
  • Encrypted File Pattern : ..doc
 
  • Malicious File Creation Location :
         - C:\Users\%UserName%\AppData\Local\Temp\<Random>.exe
         - C:\Users\%UserName%\AppData\Roaming\<Random>.exe
 
  • Payment Instruction File : Read___ME.html
 
  • Major Characteristics :
         - Offline Encryption
         - Fake Globe / PSCrypt Ransomware series
         - Disable system restore (vssadmin.exe Delete Shadows /All /Quiet)

Go to List

Please upgrade your web browser for better website experience.

위로