Videos

Check out our video libray AppCheck defending aginst newest ransomware

Hermes 2.0 Ransomware (<Original Filename>.<Original Extension>)

  • Distribution Method : Unknown
 
  • MD5 : abba8198c895466208321daabe3ffbf3
 
  • Major Detection Name : Trojan.Ransom.HermesKD.12624627 (BitDefender), Ransom:Win32/Wyhymyz.A (Microsoft)
 
  • Encrypted File Pattern : <Original Filename>.<Original Extension>
 
  • Malicious File Creation Location :
         - C:\Users\Public\desktop.bat
         - C:\Users\Public\winlogon.exe
         - C:\Users\%UserName%\Desktop\DECRYPT_INFORMATION.html
 
  • Payment Instruction File : DECRYPT_INFORMATION.html
 
  • Major Characteristics :
         - Offline Encryption
         - Delete backup files (ackup*.* / Backup*.* / *.bac / *.bak / *.bkf / *.dsk / *.set / *.VHD / *.wbcat / *.win)
         - Disable system restore (vssadmin Delete Shadows /all /quiet)

Go to List

Please upgrade your web browser for better website experience.

위로